Gerard Gagliano created DIRKRB-537:
--------------------------------------
Summary: PreAuth and incorrect Password fails silently
Key: DIRKRB-537
URL: https://issues.apache.org/jira/browse/DIRKRB-537
Project: Directory Kerberos
Issue Type: Bug
Affects Versions: 1.0.0-RC2
Reporter: Gerard Gagliano

In the following scenario, Kerby is configured for PreAuth required.
1. A login attempt causes Kerby to respond with a PreAuth required error.
2. A subsequent AS Request containing timestamped PreAuth data (where the
password is correct) causes Kerby to send an AS Reply containing a ticket (it
worked).
3. A subsequent AS Request containing timestamped PreAuth data (where the
password is incorrect) causes Kerby to not send any Reply back to the client -
failing silently except for the log message "Integrity check on decrypted field
failed".
In the above scenario, MIT Kerberos sends back a Reply error code 31
(integrity check failed) with e-text field containing "PREAUTH_FAILED".