[
https://issues.apache.org/jira/browse/DIRKRB-537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15168392#comment-15168392
]
Jiajia Li commented on DIRKRB-537:
----------------------------------
I agree with Kai's point, we can fix it in RC3.
> PreAuth and incorrect Password fails silently
> ---------------------------------------------
>
> Key: DIRKRB-537
> URL: https://issues.apache.org/jira/browse/DIRKRB-537
> Project: Directory Kerberos
> Issue Type: Bug
> Affects Versions: 1.0.0-RC2
> Reporter: Gerard Gagliano
>
> In the following scenario, Kerby is configured for PreAuth required.
> 1. A login attempt causes Kerby to respond with a PreAuth required error.
> 2. A subsequent AS Request containing timestamped PreAuth data (where the
> password is correct) causes Kerby to send an AS Reply containing a ticket (it
> worked).
> 3. A subsequent AS Request containing timestamped PreAuth data (where the
> password is incorrect) causes Kerby to not send any Reply back to the client
> - failing silently except for the log message "Integrity check on decrypted
> field failed".
> In the above scenario, MIT Kerberos, sends back a Reply error code 31
> (integrity check failed) with e-text field containing "PREAUTH_FAILED".
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
