[18218] in Athena Bugs


Re: tblinux passwd lossage

daemon@ATHENA.MIT.EDU (Robert A Basch)
Fri Sep 1 16:15:37 2000

Date: Fri, 1 Sep 2000 16:15:29 -0400 (EDT)
Message-Id: <200009012015.QAA17634@aupair.mit.edu>
From: Robert A Basch <rbasch@MIT.EDU>
To: John Hawkinson <jhawk@mit.edu>
CC: bugs@mit.edu, krbcore@mit.edu, rbasch@mit.edu
In-reply-to: "[18190] in Athena Bugs"

> A user failed to change her password on alice-whacker. Works fine on other
> machines.
>
> --jhawk
>
> athena% passwd
> Running Kerberos password-changing program.
> Old password for becky1:
> New Password for becky1:
> Verifying, please re-enter new password:
> kpasswd: Unknown code krb 37 while attempting to change password.
> Password NOT changed.
> athena% passwd
> Running Kerberos password-changing program.
> Old password for becky1:
> New Password for becky1:
> Verifying, please re-enter new password:
> kpasswd: Unknown code krb 37 while attempting to change password.
> Password NOT changed.
> athena% 

The primary problem here is a server bug in byte-swapping the
timestamp from a little-endian client, thus causing a time out of
bounds error; the program will succeed or fail depending on the sign
(high) bit of the least significant byte of the timestamp.  (So it
would have worked if she had retried two minutes or so after the
failure.)  I've passed this along to the Kerberos team, and the
deployment of a server fix should be scheduled soon.

The failure to display a proper error message is a client bug, for
which I will submit a patch.

Thank you for reporting this.

Bob
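
Added example, not part of the original message and not the Kerberos server's code: one way a byte-swap defect can produce the behaviour described above, beside a corrected decode. It assumes the low byte is sign-extended while the value is reassembled; the function names, the 300-second MAX_SKEW limit and the sample timestamp are constructed for illustration. The high bit of the low byte flips every 128 seconds, which is why a retry about two minutes later lands in an accepted window.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_SKEW 300u /* assumed clock-skew limit in seconds (example only) */

/* Client side: put a 32-bit timestamp on the wire in little-endian order. */
static void encode_le(uint32_t t, unsigned char *wire)
{
    for (int i = 0; i < 4; i++)
        wire[i] = (unsigned char)(t >> (8 * i));
}

/* Hypothetical buggy server decode: the low byte is treated as signed, so a
 * value >= 0x80 sign-extends to 0xFFFFFFxx and the OR sets every higher bit. */
static uint32_t decode_le_buggy(const unsigned char *wire)
{
    uint32_t hi = ((uint32_t)wire[3] << 24) | ((uint32_t)wire[2] << 16) |
                  ((uint32_t)wire[1] << 8);
    int32_t low = wire[0] >= 0x80 ? (int32_t)wire[0] - 256 : (int32_t)wire[0];
    return hi | (uint32_t)low;
}

/* Corrected decode: every byte is widened as an unsigned value. */
static uint32_t decode_le_fixed(const unsigned char *wire)
{
    return ((uint32_t)wire[3] << 24) | ((uint32_t)wire[2] << 16) |
           ((uint32_t)wire[1] << 8) | (uint32_t)wire[0];
}

/* 1 if a request stamped t is accepted by a server whose clock also reads t. */
static int accepted(uint32_t t, int buggy)
{
    unsigned char wire[4];
    encode_le(t, wire);
    uint32_t seen = buggy ? decode_le_buggy(wire) : decode_le_fixed(wire);
    uint32_t diff = seen > t ? seen - t : t - seen;
    return diff <= MAX_SKEW;
}

int main(void)
{
    uint32_t base = 0x39B01000u; /* constructed timestamp, not from the report */
    for (uint32_t t = base; t < base + 512; t += 64)
        printf("t=%08lx low=%02x buggy=%s fixed=%s\n", (unsigned long)t,
               (unsigned)(t & 0xFF), accepted(t, 1) ? "ok" : "REJECT",
               accepted(t, 0) ? "ok" : "REJECT");
    return 0;
}
```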
