[Bug 988520] [NEW] After failed auth, subsequent auths in same context fail

Launchpad Bug Tracker 988520 at bugs.launchpad.net
Tue May 15 17:41:09 UTC 2012


You have been subscribed to a public bug by Ubuntu Foundation's Bug Bot (crichton):

SRU Justification

[Impact]

If an authentication fails after preauth was requested, all subsequent
preauth-required authentications in the same Kerberos context will also
fail. This breaks password change when credentials have expired, and
also breaks try_first_pass functionality in Kerberos PAM modules.

[Development Fix]

New upstream release. Updated in Debian. Pending sync in Ubuntu.
Verified in Ubuntu manually.

[Stable Fix]

Upstream patch cherry-picked. Debdiff attached.

[Test Case]

testcase.sh attached.

[Regression Potential]

Low: one-line patch for missing initialisation written by upstream.


Original report by Russ Allbery:

MIT Kerberos 1.10 (including pre-releases and betas) exposed a bug in
the tracking of preauth mechanisms such that, if an authentication fails
after preauth was requested, all subsequent preauth-required
authentications in the same Kerberos context will also fail.

This breaks password change when credentials have expired, and also
breaks try_first_pass functionality in Kerberos PAM modules.

Upstream has fixed this problem in their mainline with commit 25822.

** Affects: krb5 (Ubuntu)
     Importance: Medium
         Status: Triaged

** Affects: krb5 (Debian)
     Importance: Unknown
         Status: Fix Released


** Tags: patch
-- 
After failed auth, subsequent auths in same context fail
https://bugs.launchpad.net/bugs/988520
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.


