[1756] in Kerberos-V5-bugs
possible bug in b5 src/appl/bsd/login.c
daemon@ATHENA.MIT.EDU (Paul Pomes)
Fri Dec 22 17:14:08 1995
Date: Fri, 22 Dec 1995 14:13:49 -0800 (PST)
From: Paul Pomes <ppomes@Qualcomm.com>
To: krb5-bugs@MIT.EDU
Cc: daphnaz@zelkova.qualcomm.com
In src/appl/bsd/login.c around line 610 there's this section of code.
#ifdef HAVE_SHADOW
if (spwd)
lpass_ok = !strcmp(namep, spwd->sp_pwdp);
else /* XXX? */
#else
lpass_ok = !strcmp (namep, pwd->pw_passwd);
#endif
if (pwd->pw_uid != 0) { /* Don't get tickets for root */
if (krb_get_lrealm(realm, 1) != KSUCCESS) {
As I read it, if shadow passwords are used on a system, then the 'else'
(marked with XXX?) will prevent obtaining a Kerberos TGT.
/pbp
