[31501] in CVS-changelog-for-Kerberos-V5
krb5 commit [krb5-1.22]: Fix IAKERB realm discovery state machine
daemon@ATHENA.MIT.EDU (ghudson@mit.edu)
Tue Jan 27 23:49:21 2026
From: ghudson@mit.edu
To: cvs-krb5@mit.edu
Message-Id: <20260128044916.AFB8310430D@krbdev.mit.edu>
Date: Tue, 27 Jan 2026 23:49:16 -0500 (EST)
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/905790f6fd66de8a2e05abfdb886a1ca66dfffab
commit 905790f6fd66de8a2e05abfdb886a1ca66dfffab
Author: Andreas Schneider <asn@cryptomilk.org>
Date: Fri Jan 23 16:32:57 2026 +0100
Fix IAKERB realm discovery state machine logic
In iakerb_initiator_step(), when realm discovery completes, set the
state to IAKERB_AS_REQ so we don't repeat the overwrite of
cred->name->princ->realm on the next token.
(cherry picked from commit 5de16db5935c5a23f5548de1004cb4d7896c716b)
ticket: 9194
version_fixed: 1.22.2
src/lib/gssapi/krb5/iakerb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c
index 90a9bce11..7cc4710e2 100644
--- a/src/lib/gssapi/krb5/iakerb.c
+++ b/src/lib/gssapi/krb5/iakerb.c
@@ -631,6 +631,7 @@ iakerb_initiator_step(iakerb_ctx_id_t ctx,
cred->name->princ->realm = server_realm;
server_realm = empty_data();
+ ctx->state = IAKERB_AS_REQ;
/* Done with realm discovery; fall through to AS request. */
case IAKERB_AS_REQ:
if (ctx->icc == NULL) {
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
