[Bug 988520] Re: After failed auth, subsequent auths in same context fail
Robie Basak
988520 at bugs.launchpad.net
Tue May 15 03:06:21 UTC 2012
** Attachment added: "Test build"
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/988520/+attachment/3146880/+files/krb5_1.10%2Bdfsg%7Ebeta1-2ubuntu0.1_amd64.build.xz
** Description changed:
+ SRU Justification
+
+ [Impact]
+
+ If an authentication fails after preauth was requested, all subsequent
+ preauth-required authentications in the same Kerberos context will also
+ fail. This breaks password change when credentials have expired, and
+ also breaks try_first_pass functionality in Kerberos PAM modules.
+
+ [Development Fix]
+
+ New upstream release. Updated in Debian. Pending sync in Ubuntu.
+ Verified in Ubuntu manually.
+
+ [Stable Fix]
+
+ Upstream patch cherry-picked. Debdiff attached.
+
+ [Test Case]
+
+ testcase.sh attached.
+
+ [Regression Potential]
+
+ Low: one line patch for missing initialisation written by upstream.
+
+
+ Original report by Russ Allbery:
+
MIT Kerberos 1.10 (including pre-releases and betas) exposed a bug in
the tracking of preauth mechanisms such that, if an authentication fails
after preauth was requested, all subsequent preauth-required
authentications in the same Kerberos context will also fail.
This breaks password change when credentials have expired, and also
breaks try_first_pass functionality in Kerberos PAM modules.
Upstream has fixed this problem in their mainline with commit 25822.
** Changed in: krb5 (Ubuntu)
Status: Incomplete => Triaged
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/988520
Title:
After failed auth, subsequent auths in same context fail
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/988520/+subscriptions
More information about the Ubuntu-server-bugs
mailing list