Skip Menu |
 

History Show all quoted textShow full headers
# Sat Oct 15 12:56:30 2011 ghudson@mit.edu (Greg Hudson) - Ticket created
From: ghudson@mit.edu
Subject: SVN Commit
Download (untitled) / with headers
text/plain 464B

In the kpasswd server code, don't set a remote address in the auth
context before calling krb5_rd_priv, since the kpasswd protocol is
well-protected against reflection attacks. This allows password
changes to work in cases where a NAT has changed the client IP address
as it is seen by the server.

https://github.com/krb5/krb5/commit/b91da5a4c7efc189dcfe57c4de2a8e8673102295
Commit By: ghudson
Revision: 25356
Changed Files:
U trunk/src/kadmin/server/schpw.c
# Sat Oct 15 12:56:30 2011 ghudson@mit.edu (Greg Hudson) - Requestor ghudson@mit.edu (Greg Hudson) added
# Sat Oct 15 12:56:30 2011 ghudson@mit.edu (Greg Hudson) - Status changed from 'new' to 'review'
# Mon Oct 17 19:26:21 2011 tlyu (Taylor Yu) - Version_Fixed 1.10 added
# Thu Mar 20 17:48:45 2014 ghudson@mit.edu (Greg Hudson) - Ticket 6979 RefersTo ticket 7886.
# Thu Mar 20 17:48:45 2014 ghudson@mit.edu (Greg Hudson) - Comments added
Download (untitled) / with headers
text/plain 71B
Just adding a note that #7886 makes the symmetric change for the reply.
# Sun Sep 24 20:39:59 2017 ghudson@mit.edu (Greg Hudson) - Status changed from 'review' to 'resolved'