[17015] in Kerberos-V5-bugs
[krbdev.mit.edu #9169] git commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Tue Apr 8 17:29:15 2025
From: "Greg Hudson via RT" <rt@krbdev.mit.edu>
In-Reply-To:
Message-ID: <rt-4.4.3-2-4032782-1744147744-127.9169-5-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9169":;
Date: Tue, 08 Apr 2025 17:29:04 -0400
MIME-Version: 1.0
Reply-To: rt@krbdev.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9169 >
Only handle IAKERB errors in initiator step
iakerb_initiator_step() must pass through most KRB-ERROR messages in
order to properly handle recoverable AS and TGS errors such as
KDC_ERR_PREAUTH_REQUIRED. Only stop on IAKERB errors.
[ghudson@mit.edu: changed code to check for com_err codes instead of
protocol codes; changed iakerb_acceptor_realm() to respond with an
IAKERB error when realm determination fails and modified test case
accordingly; added a test case by requiring preauth on the user
principal when testing IAKERB; rewrote commit message]
https://github.com/krb5/krb5/commit/e2e5f386ccf2bea1fa55ce544f43098ae2b38f89
Author: Andreas Schneider <asn@cryptomilk.org>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: e2e5f386ccf2bea1fa55ce544f43098ae2b38f89
Branch: master
src/lib/gssapi/krb5/iakerb.c | 14 +++++++++++---
src/tests/gssapi/t_gssapi.py | 3 ++-
2 files changed, 13 insertions(+), 4 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
