Heimdal-20040120 snapshot and password quality


A colleague sent me the appended email. Do you know what the
problem is?

Many thanks,

> As I mentioned earlier, it appears that the heimdal-20040120
> snapshot does not properly pass the new password to the
> password quality routine from kpasswdd.  The krb5_data entry
> passed to the quality routine always has a 0 length.  Heimdal-0.6
> passed the password correctly to the quality routine.  Briefly
> looking at the code, I see extensive changes in the kpasswdd
> source code in this area to deal with the MS password issues,
> so it is not clear if I fully understand what is going on (let
> me rephrase that, I am sure I do not fully understand), but
> I am especially suspicious of the lines in the routine "change"
> (around source line 222) that begin with:
>     if (version == KRB5_KPASSWD_VERS_CHANGEPW) {
>          ret = krb5_copy_data(context, &chpw.newpasswd, &pwd_data);
> Perhaps the chpw.newpasswd should be in_data?  I have not
> looked at the other changes, so I may very well be incorrect.

  Alf Wachsmann                       | e-mail: alfw@slac.stanford.edu
  SLAC Computing Service              | Phone:  +1-650-926-4802
  2575 Sand Hill Road, M/S 97         | FAX:    +1-650-926-3329
  Menlo Park, CA 94025, USA           | Office: Bldg. 50/323
                http://www.slac.stanford.edu/~alfw (PGP)