You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by "Kai Zheng (JIRA)" <ji...@apache.org> on 2016/02/26 04:37:18 UTC

[jira] [Commented] (DIRKRB-537) PreAuth and incorrect Password fails silently

    [ https://issues.apache.org/jira/browse/DIRKRB-537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15168382#comment-15168382 ] 

Kai Zheng commented on DIRKRB-537:
----------------------------------

Thanks for reporting of this, [~gg]. I agree this should be fixed but maybe in a release after RC2 like RC3, as the RC2 is right going to be out. [~jiajia] please let me know what would you think. Thanks.

> PreAuth and incorrect Password fails silently
> ---------------------------------------------
>
>                 Key: DIRKRB-537
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-537
>             Project: Directory Kerberos
>          Issue Type: Bug
>    Affects Versions: 1.0.0-RC2
>            Reporter: Gerard Gagliano
>
> In the following scenario, Kerby is configured for PreAuth required.
> 1. A login attempt causes Kerby to respond with a PreAuth required error.
> 2. A subsequent AS Request containing timestamped PreAuth data (where the password is correct) causes Kerby to send an AS Reply containing a ticket (it worked).
> 3. A subsequent AS Request containing timestamped PreAuth data (where the password is incorrect) causes Kerby to not send any Reply back to the client - failing silently except for the log message "Integrity check on decrypted field failed".
> In the above scenario, MIT Kerberos, sends back a Reply error code 31 (integrity check failed) with e-text field containing "PREAUTH_FAILED".



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)