Skip Menu |

From: Sam Hartman <hartmans@MIT.EDU>
To: krb5-bugs@MIT.EDU
Subject: kinit and krb5_get_init_creds_password discard error message state
Date: Thu, 12 Mar 2009 23:27:03 -0400

There is a lot of code behind krb5_get_init_creds (and significantly
more with FAST) that calls krb5_set_error_message. Unfortunately,
this interacts badly with the use_master loop in routines like
krb5_get_init_creds_password, particularly if no master KDC is
available. What ends up happening is that the error message is
overwritten indicating what KDC cannot be contacted. The code
correctly returns the original error code but does not restore the
error state.