[3676] in Kerberos-V5-bugs
[krbdev.mit.edu #1266] Patches for unixtime preauthentication
daemon@ATHENA.MIT.EDU (\"\"Darren Reed \(Optimation\)\" v)
Thu Nov 28 23:43:19 2002
Message-Id: <rt-1266-3743.10.3024129148521@krbdev.mit.edu>
In-Reply-To: <rt-1266@krbdev.mit.edu>
From: "\"\"Darren Reed \(Optimation\)\" via RT\"" <rt-comment@krbdev.mit.edu>
Reply-To: rt-comment@krbdev.mit.edu
To: krb5-prs@mit.edu
Errors-To: krb5-bugs-admin@mit.edu
Date: Thu, 28 Nov 2002 23:42:38 -0500 (EST)
I've attached the patches I made as the file unixtimepreauth.patch.
The only comment I'd make against using it as is would be I
did not want to venture into the territory of assigning new
error codes to indicate different failure reasons and so went
in search of others that seemed reasonable analogues to what
checks were being made.
I don't know how concerned you are about this, with, for example,
malloc() failing in the existing verify_enc_timestamp() returning
success rather than failure. ie. starve the KDC of memory and
preauth will always succeed. Only thing is, I'm sure lots of other
things would have failed before you got that far (I hope!) because
it sounds bad when put like that.
Cheers,
Darren
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
http://mailman.mit.edu/mailman/listinfo/krb5-bugs
