 |
cosign-discuss at umich.edu
|
|
general discussion of cosign development and deployment
|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CGI problem with expired passwords
The cgi doesn't handle the case of principals with expired passwords. It
will generate an invalid response as a result of the
krb5_get_init_creds_password function call trying to prompt the user to
change password if it is expired. The patch attached will set the prompter
to NULL to prevent the library function prompting.
Cheers
--
=============================================================================
Graeme Wood Email: Graeme.Wood@xxxxxxxx
Unix Systems Support Phone: +44 131 650 5003
The University of Edinburgh Fax: +44 131 650 6552
============================================================================= *** cgi.c.orig Tue Aug 24 11:04:19 2004
--- cgi.c Tue Aug 24 11:04:28 2004
***************
*** 545,551 ****
krb5_get_init_creds_opt_set_proxiable( &kopts, 0 );
if (( kerror = krb5_get_init_creds_password( kcontext, &kcreds,
! kprinc, cl[ CL_PASSWORD ].cl_data, krb5_prompter_posix, NULL, 0,
NULL /*keytab */, &kopts ))) {
if ( kerror == KRB5KRB_AP_ERR_BAD_INTEGRITY ) {
--- 545,551 ----
krb5_get_init_creds_opt_set_proxiable( &kopts, 0 );
if (( kerror = krb5_get_init_creds_password( kcontext, &kcreds,
! kprinc, cl[ CL_PASSWORD ].cl_data, NULL, NULL, 0,
NULL /*keytab */, &kopts ))) {
if ( kerror == KRB5KRB_AP_ERR_BAD_INTEGRITY ) {
| 
