Skip Menu |
 

From: "Kevin Wasserman" <krwasserman@hotmail.com>
To: <krb5-bugs@mit.edu>
Subject: Can't change password without default_realm
Date: Tue, 8 May 2012 11:34:11 -0400
>kpasswd krwasserman@SUCHDAMAGE.ORG
kpasswd: Configuration file does not specify default realm getting initial ticke
t
>
 
The following code from build_in_tkt_name() in get_in_tkt.c fails:
 
    if (in_tkt_service) {
        /* this is ugly, because so are the data structures involved.  I'm
           in the library, so I'm going to manipulate the data structures
           directly, otherwise, it will be worse. */
 
        if ((ret = krb5_parse_name(context, in_tkt_service, server)))
->            return ret;
 
Since it�s about to stomp the server realm with the client realm,
it seems gratuitous to require that there is a default realm to
construct the server principal.
 
Kevin Wasserman
Painless Security, LLC
 
Also mentioned by Stef Walter on krbdev:

http://mailman.mit.edu/pipermail/krbdev/2012-April/010790.html

I'm evaluating which solution comes out to be more elegant (adding an
ignore-realm flag to krb5_parse_name_flags or preprocessing the
in_tkt_service string).
From: ghudson@mit.edu
Subject: SVN Commit
Make password change work without default realm

This fix is not very general or clean, but is suitable for backporting
because it is minimally invasive. A more comprehensive fix will
follow.

https://github.com/krb5/krb5/commit/b9ff95a51ef11742abc9687a70b6d8324eda6803
Commit By: ghudson
Revision: 25860
Changed Files:
U trunk/src/lib/krb5/krb/get_in_tkt.c
From: tlyu@mit.edu
Subject: SVN Commit

Make password change work without default realm

This fix is not very general or clean, but is suitable for backporting
because it is minimally invasive. A more comprehensive fix will
follow.

(cherry picked from commit b9ff95a51ef11742abc9687a70b6d8324eda6803)

https://github.com/krb5/krb5/commit/3d4f8431d5d34e0ffaaeee0bfe55c552de3ebdfe
Author: Greg Hudson <ghudson@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 3d4f8431d5d34e0ffaaeee0bfe55c552de3ebdfe
src/lib/krb5/krb/get_in_tkt.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)