[16138] in Kerberos-V5-bugs
[krbdev.mit.edu #7905] git commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Tue Oct 9 19:55:53 2018
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Greg Hudson via RT" <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To: <rt-7905@krbdev.mit.edu>
Message-ID: <rt-7905-48886.3.1808979165023@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #7905'":;
Date: Tue, 9 Oct 2018 19:55:42 -0400 (EDT)
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
Prefer TCP to UDP for password changes
When password changes are performed over UDP, spotty networks may
cause the client to retransmit. This leads to replay errors if the
kpasswd server receives both requests, which hide the actual request
status and make it appear that the password has not been changed, when
it may in fact have been. Use TCP instead with UDP fallback to avoid
this issue.
https://github.com/krb5/krb5/commit/d7b3018d338fc9c989c3fa17505870f23c3759a8
Author: Robbie Harwood <rharwood@redhat.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: d7b3018d338fc9c989c3fa17505870f23c3759a8
Branch: master
src/lib/krb5/os/changepw.c | 104 ++++++++++++++++---------------------------
1 files changed, 39 insertions(+), 65 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs