Skip Menu |
 

Subject: Preauth fails for second AS request in a krb5 context
The client preauth subsystem tries to avoid invoking the same loadable
preauth module twice during an AS request. The use_count field used for
this purpose is initialized in krb5_init_preauth_context, which is
invoked only once per library context. The use_count field is reset if
we receive a final AS reply, but not if we fail before that point.

This problem has existed since 1.6, but became much more visible in 1.10
when encrypted timestamp was moved to the modules table. For example,
when krb5_get_init_context_password tries to change an expired password,
it will fail if the principal requires preauth.
From: ghudson@mit.edu
Subject: SVN Commit
Clear preauth use counts for each AS request

Initialize use_count fields in krb5_preauth_request_context_init,
which is invoked before each AS request. Previously they were
initialized only in krb5_init_preauth_context, which is only invoked
once per krb5 library context.

https://github.com/krb5/krb5/commit/623ae8f1090eccb2791e8266b24361bca837687f
Commit By: ghudson
Revision: 25822
Changed Files:
U trunk/src/lib/krb5/krb/preauth2.c
From: tlyu@mit.edu
Subject: SVN Commit

Clear preauth use counts for each AS request

Initialize use_count fields in krb5_preauth_request_context_init,
which is invoked before each AS request. Previously they were
initialized only in krb5_init_preauth_context, which is only invoked
once per krb5 library context.

(cherry picked from commit f469d77cc53c43a2e85f80ab3cf68caa82c4d24b)

https://github.com/krb5/krb5/commit/276b44d7bd9ed05d5618b287b4e601d1a872a067
Author: Greg Hudson <ghudson@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 276b44d7bd9ed05d5618b287b4e601d1a872a067
src/lib/krb5/krb/preauth2.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)