Deleting the krb5_contexts on the thread that talks to the kdc fixes this, but seems hacky.

Chris

On 2012/02/21 23:14, Chris Hecker wrote:
>
> The check for if (module->use_count > 0) in preauth2.c is kind of hosing
> me, so I'm wondering what I'm doing wrong here...
>
> I have +requires_preauth set on a princ. My game uses a keytab and a
> ccache to store the user's login information locally. Here are the
> repro steps for my problem:
>
> 0. The game creates a krb5_context.
> 1. Give my game a princ and the wrong password.
> 2. The game creates a keytab with this info, and an empty ccache.
> 3. The game calls krb5_get_init_creds_keytab with this keytab and
> ccache as the destination.
> 4. The call fails with KRB5_PREAUTH_FAILED
> 5. The game closes the bad keytab and (empty) ccache, deletes the
> keytab and ccache files.
> 6. Give the princ and right password.
> 7. Same as 2, with correct password.
> 8. Same as 3, with new keytab.
> 9. This time, since module->use_count > 0, the preauth process is never
> called with the right key, so the preauth fails again.
> 10. I am sad.
>
> Do I need to toast the whole krb5_context in step 5? That seems
> extreme, since I can use these contexts with multiple different
> auth_contexts and whatnot, they seem pretty independent of the current
> state of the login process, etc.
>
> There's a krb5-int.h function krb5_clear_preauth_context_use_counts,
> which doesn't do me much good.
>
> Chris
>
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
