[3101] in Kerberos-V5-bugs


krb5-admin/742: kadmin enhancement req

daemon@ATHENA.MIT.EDU (David Champion)
Wed Aug 25 16:51:09 1999

Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, David Champion <dgc@smack.uchicago.edu>
Message-Id: <19990825155026.I11819@smack.uchicago.edu>
Date: Wed, 25 Aug 1999 15:50:26 -0500
From: David Champion <dgc@smack.uchicago.edu>
Reply-To: David Champion <dgc@smack.uchicago.edu>
To: krb5-bugs@MIT.EDU
Cc: network-security@uchicago.edu


>Number:         742
>Category:       krb5-admin
>Synopsis:       kadmin does not exit with nonzero status
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    krb5-unassigned
>State:          open
>Class:          change-request
>Submitter-Id:   unknown
>Arrival-Date:   Wed Aug 25 16:51:00 EDT 1999
>Last-Modified:
>Originator:     David Champion
>Organization:
	University of Chicago
>Release:        krb5-1.0.6
>Environment:
System: SunOS smack 5.7 Generic_106541-04 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4
	libnsl.so.1 =>	 /usr/lib/libnsl.so.1
	libsocket.so.1 =>	 /usr/lib/libsocket.so.1
	libgen.so.1 =>	 /usr/lib/libgen.so.1
	libc.so.1 =>	 /usr/lib/libc.so.1
	libdl.so.1 =>	 /usr/lib/libdl.so.1
	libmp.so.2 =>	 /usr/lib/libmp.so.2

>Description:
kadmin does not exit with nonzero status upon failure of operations
given with the -q option (or interactively, but that's not a big
problem.)  Specifically, our account management system needs to be able
to send ank, modprinc, and cpw queries to create, enable/disable, and
passwd principals.  kadmin should exit with nonzero status when these
operations fail because of policy violations, bad passwords, or
nonexistent principals.

>How-To-Repeat:
root# /opt/sbin/kadmin -p my_princ/actmgr@REALM -w "my unfortunately exposed password" -q "ank -policy default +requires_preauth -pw bad_password new_princ@REALM"
root# echo $?
0
root# /opt/sbin/kadmin -p my_princ/actmgr@REALM -w "my unfortunately exposed password" -q "modprinc -expire now -allow_tix nonexistent_princ@REALM"
root# echo $?
0
root# /opt/sbin/kadmin -p my_princ/actmgr@REALM -w "my unfortunately exposed password" -q "cpw -pw bad_password smack@UCHICAGO.EDU"
root# echo $?
0

>Fix:
Should be fairly evident....

--
-D.	dgc@uchicago.edu
	System Administrator, etc etc.
	The University of Chicago, Inc.
>Audit-Trail:
>Unformatted:
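
An added example, not part of the original report or of MIT Kerberos: a shell wrapper an account-management caller could use while `kadmin -q` returns 0 on failed operations. It assumes failures show up on stderr as com_err-style lines (`command: message while action`); `kadmin_query`, `has_kadmin_error` and `fake_kadmin` are hypothetical names, and the stub's output is constructed.

```shell
#!/bin/sh
# Added example: give `kadmin -q` a usable exit status for automation.
# Assumption: a failed operation is reported on stderr as a com_err-style
# line, "<command>: <message> while <action>". Check this against your build.

KADMIN=${KADMIN:-/opt/sbin/kadmin}    # path used in the report
ERR_PATTERN='^[A-Za-z_]+: .+ while '  # assumed error-line shape

# has_kadmin_error FILE: true if FILE holds at least one error line.
has_kadmin_error() {
    grep -Eq "$ERR_PATTERN" "$1"
}

# kadmin_query QUERY [kadmin args...]
# Returns 0 = ok, 1 = kadmin exited nonzero, 2 = exit 0 but an error was
# reported, 3 = could not create the temporary file.
kadmin_query() {
    query=$1; shift
    errfile=$(mktemp) || return 3
    "$KADMIN" "$@" -q "$query" 2>"$errfile"
    status=$?
    cat "$errfile" >&2                # keep the message visible to the caller
    if [ "$status" -ne 0 ]; then rc=1
    elif has_kadmin_error "$errfile"; then rc=2
    else rc=0
    fi
    rm -f "$errfile"
    return "$rc"
}

# Constructed stand-in for kadmin that mimics the reported behaviour:
# the error text is illustrative and the exit status is always 0.
fake_kadmin() {
    case "$*" in
        *nonexistent_princ*)
            echo 'modify_principal: Principal does not exist while modifying "nonexistent_princ@REALM".' >&2 ;;
        *)  echo 'Principal "new_princ@REALM" created.' ;;
    esac
    return 0
}
```

Set `KADMIN=fake_kadmin` to exercise the wrapper offline. Against a real KDC, passing keytab arguments (`-k -t`) instead of `-w` keeps the password out of the process list.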
