Bug 14125 - As kerberos service/acceptor we may not accept tickets with our previous machine password
Summary: As kerberos service/acceptor we may not accept tickets with our previous mach...
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.11.0rc4
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Stefan Metzmacher
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on: 12907
Blocks:
  Show dependency treegraph
 
Reported: 2019-09-13 13:19 UTC by Stefan Metzmacher
Modified: 2019-11-27 09:29 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Metzmacher 2019-09-13 13:19:29 UTC
As we don't know under what kvno a KDC stores our machine passwords
we just use fantasy numbers when filling the in memory keytab
with our (up to 4) machine passwords.

If the kvno matches by accident the number we made up, the heimdal
kerberos library may not fallback and check all other keys/passwords.