[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

kpasswd and KRB5_AUTH_CONTEXT_DO_SEQUENCE

To: heimdal-discuss@sics.se
Subject: kpasswd and KRB5_AUTH_CONTEXT_DO_SEQUENCE
From: Derrick J Brashear <shadow@dementia.org>
Date: Tue, 11 Jul 2000 10:54:14 -0400 (EDT)
Reply-To: Derrick J Brashear <shadow@dementia.org>
Sender: owner-heimdal-discuss@sics.se

I'm setting up Heimdal in support of a diverse environment, in this case
including hosts running MIT krb5. kpasswdd.c includes code:
    krb5_auth_con_setflags (context, auth_context,
                            KRB5_AUTH_CONTEXT_DO_SEQUENCE);
When I leave it enabled, the MIT clients (which I don't control, and hence
can't update) choke. When I disable it, of course, the heimdal client gets
unhappy unless I also disable the client side call to enable this in
lib/krb5/changepw.c; That's fine, instead of disabling either of these I
disabled the returning of ERR_BADORDER in rd_{safe,priv}.c and just play
like it was successful.

If there were a config option for turning this off rather than me needing
to patch, it would be useful; I'd contribute such a patch if I knew what
option name you wanted used, but it's really a trivial patch.

-D

Follow-Ups:
- kpasswd and retransmits
  - From: Derrick J Brashear <shadow@dementia.org>
- Re: kpasswd and KRB5_AUTH_CONTEXT_DO_SEQUENCE
  - From: Assar Westerlund <assar@sics.se>

Prev by Date: Re: bug fix for db3 support
Next by Date: kpasswd and retransmits
Prev by thread: Re: bug fix for db3 support
Next by thread: kpasswd and retransmits
Index(es):
- Date
- Thread