
enterprise-support team mailing list archive

[Bug 988520] Re: After failed auth, subsequent auths in same context fail

 

Verified fixed on Quantal. Just need the SRU for Precise now. Note that
the test script fails some other tests. This bug addresses the "module
/bad-authtok" test only.

** Description changed:

  SRU Justification
  
  [Impact]
  
  If an authentication fails after preauth was requested, all subsequent
  preauth-required authentications in the same Kerberos context will also
  fail. This breaks password change when credentials have expired, and
  also breaks try_first_pass functionality in Kerberos PAM modules.
  
  [Development Fix]
  
- New upstream release. Updated in Debian. Pending sync in Ubuntu.
- Verified in Ubuntu manually.
+ New upstream release. Updated in Debian. Synced in Ubuntu. Verified
+ fixed on Quantal using test case below.
  
  [Stable Fix]
  
  Upstream patch cherry-picked. Debdiff attached.
  
  [Test Case]
  
  testcase.sh attached.
  
  [Regression Potential]
  
  Low: one line patch for missing initialisation written by upstream.
  
  
  Original report by Russ Allbery:
  
  MIT Kerberos 1.10 (including pre-releases and betas) exposed a bug in
  the tracking of preauth mechanisms such that, if an authentication fails
  after preauth was requested, all subsequent preauth-required
  authentications in the same Kerberos context will also fail.
  
  This breaks password change when credentials have expired, and also
  breaks try_first_pass functionality in Kerberos PAM modules.
  
  Upstream has fixed this problem in their mainline with commit 25822.

** Changed in: krb5 (Ubuntu)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to krb5 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/988520
