[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kpasswdd allows password reuse when keys master-key encrypted

To: Buck Huppmann <buckh@pobox.com>
Subject: Re: kpasswdd allows password reuse when keys master-key encrypted
From: Love <lha@stacken.kth.se>
Date: Tue, 30 Dec 2003 16:51:47 +0100
Cc: heimdal-discuss@sics.se
In-Reply-To: <20031229202317.GA10258@curie.rsma.frb.gov> (Buck Huppmann'smessage of "Mon, 29 Dec 2003 15:23:17 -0500")
References: <20031229202317.GA10258@curie.rsma.frb.gov>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.1002 (Gnus v5.10.2) Emacs/21.3 (berkeley-unix)

Buck Huppmann <buckh@pobox.com> writes:

> Hi
>
> We're trying to age passwords but find that users can reenter the same
> password when using kpasswd/kinit/pam_krb5, and kpasswdd doesn't care.
> From what testing i've done, the patch below would seem to fix the prob-
> lem, but i don't know what further undesirable ramifications it may cause,
> so caveat emptor. (The second hunk--i don't even know if that's the right
> thing to return, but 0 doesn't seem right either)

Yes, that is correct, commited a fix for it. Thanks.

However, I don't know if the test should be there. It should really be in a
password quality check funktion and not there.

Love

PGP signature

References:
- kpasswdd allows password reuse when keys master-key encrypted
  - From: Buck Huppmann <buckh@pobox.com>

Prev by Date: No Subject
Prev by thread: kpasswdd allows password reuse when keys master-key encrypted
Next by thread: No Subject
Index(es):
- Date
- Thread