subject:"\[Touch\-packages\] \[Bug 1004465\] Re\: heimdal and mit kinit doesn't handle expired credentials"

[Touch-packages] [Bug 1004465] Re: heimdal and mit kinit doesn't handle expired credentials

2016-12-19 Thread Nish Aravamudan

If you are still affected by this issue on 12.04 or 14.40, please reply
in this bug and we can consider it for SRU.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1004465

Title:
  heimdal and mit kinit doesn't handle expired credentials

Status in heimdal package in Ubuntu:
  Fix Released
Status in krb5 package in Ubuntu:
  Fix Released
Status in heimdal package in Debian:
  Fix Released

Bug description:
  Hi.

  ubuntu 12.04 i386,amd64

  For now kerberos (both - mit and heimdal) kinit doesn't handle expired (or 
'must change') passwords. That's a serious regression (lucid is fine) - no 
integration (pam) into kerberos environments that use password expiration could 
be done. Tested with heimdal kdc (file and ldap db) and win2008r2 kdc on 
several machines. This bug stops us from migrating to the next LTS in our 
environment. Thinking it should be fixed.
  Heimdal KDC logs are in the attachment. What I can see in these logs is that 
lucid heimdal kinit doesn't send REQ-ENC-PA-REP patype while precise kinits 
send. May this be the reason? If more info is needed please just ask.

  How to reproduce:

  # apt-get -y install heimdal-kdc
  # cat > /etc/krb5.conf
  [libdefaults]
default_realm = TEST.LAN

  [realms]
TEST.LAN = {
kdc=127.0.0.1
}

  # kadmin -l init TEST.LAN
  # kadmin -l add test
  Max ticket life [1 day]:
  Max renewable life [1 week]:
  Principal expiration time [never]:
  Password expiration time [never]:2000-01-01 # Set expiration time to the 
past
  Attributes []:
  Policy [default]:
  t...@test.lan's Password: 
  Verify password - t...@test.lan's Password:

  # apt-get -y install heimdal-clients
  # dpkg -l |grep heimdal-clients
  ii  heimdal-clients  1.6~git20120311.dfsg.1-2   Heimdal 
Kerberos - clients
  # kinit --version
  kinit (Heimdal 1.5.99)
  Copyright 1995-2011 Kungliga Tekniska Högskolan
  Send bug-reports to heimdal-b...@h5l.org
  # kinit test
  t...@test.lan's Password: 
  kinit: krb5_get_init_creds: Password has expired

  And no asking for changing password.

  # apt-get -y install krb5-user
  # dpkg -l |grep krb5-user
  ii  krb5-user   1.10+dfsg~beta1-2Basic 
programs to authenticate using MIT Kerberos
  # kinit test
  Password for t...@test.lan: 
  kinit: Generic preauthentication failure while getting initial credentials

  And no asking for changing password again.
  But kpasswd works fine (heimdal & mit):
  # kpasswd test
  t...@test.lan's Password: 
  Your password will expire at Tue Jan  2 02:59:59 2000

  New password for t...@test.lan: 
  Verify password - New password for t...@test.lan: 
  Success : Password changed

  The same time all works fine with ubuntu 10.04 heimdal (1.2) and
  freebsd 9.0 heimdal (1.1) (kdc is still from ubuntu 12.04), it does
  change password if it's required.

  Thanks.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/1004465/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1004465] Re: heimdal and mit kinit doesn't handle expired credentials

2016-12-19 Thread Nish Aravamudan

Fixed in Debian heimdal 1.7~git20150920+dfsg-4.

rmadison reports:

 heimdal | 1.7~git20150920+dfsg-4ubuntu1 | xenial  | source
 heimdal | 1.7~git20150920+dfsg-4ubuntu1 | yakkety | source
 heimdal | 1.7~git20160703+dfsg-1ubuntu1 | zesty   | source

** Changed in: heimdal (Ubuntu)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1004465

Title:
  heimdal and mit kinit doesn't handle expired credentials

Status in heimdal package in Ubuntu:
  Fix Released
Status in krb5 package in Ubuntu:
  Fix Released
Status in heimdal package in Debian:
  Fix Released

Bug description:
  Hi.

  ubuntu 12.04 i386,amd64

  For now kerberos (both - mit and heimdal) kinit doesn't handle expired (or 
'must change') passwords. That's a serious regression (lucid is fine) - no 
integration (pam) into kerberos environments that use password expiration could 
be done. Tested with heimdal kdc (file and ldap db) and win2008r2 kdc on 
several machines. This bug stops us from migrating to the next LTS in our 
environment. Thinking it should be fixed.
  Heimdal KDC logs are in the attachment. What I can see in these logs is that 
lucid heimdal kinit doesn't send REQ-ENC-PA-REP patype while precise kinits 
send. May this be the reason? If more info is needed please just ask.

  How to reproduce:

  # apt-get -y install heimdal-kdc
  # cat > /etc/krb5.conf
  [libdefaults]
default_realm = TEST.LAN

  [realms]
TEST.LAN = {
kdc=127.0.0.1
}

  # kadmin -l init TEST.LAN
  # kadmin -l add test
  Max ticket life [1 day]:
  Max renewable life [1 week]:
  Principal expiration time [never]:
  Password expiration time [never]:2000-01-01 # Set expiration time to the 
past
  Attributes []:
  Policy [default]:
  t...@test.lan's Password: 
  Verify password - t...@test.lan's Password:

  # apt-get -y install heimdal-clients
  # dpkg -l |grep heimdal-clients
  ii  heimdal-clients  1.6~git20120311.dfsg.1-2   Heimdal 
Kerberos - clients
  # kinit --version
  kinit (Heimdal 1.5.99)
  Copyright 1995-2011 Kungliga Tekniska Högskolan
  Send bug-reports to heimdal-b...@h5l.org
  # kinit test
  t...@test.lan's Password: 
  kinit: krb5_get_init_creds: Password has expired

  And no asking for changing password.

  # apt-get -y install krb5-user
  # dpkg -l |grep krb5-user
  ii  krb5-user   1.10+dfsg~beta1-2Basic 
programs to authenticate using MIT Kerberos
  # kinit test
  Password for t...@test.lan: 
  kinit: Generic preauthentication failure while getting initial credentials

  And no asking for changing password again.
  But kpasswd works fine (heimdal & mit):
  # kpasswd test
  t...@test.lan's Password: 
  Your password will expire at Tue Jan  2 02:59:59 2000

  New password for t...@test.lan: 
  Verify password - New password for t...@test.lan: 
  Success : Password changed

  The same time all works fine with ubuntu 10.04 heimdal (1.2) and
  freebsd 9.0 heimdal (1.1) (kdc is still from ubuntu 12.04), it does
  change password if it's required.

  Thanks.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/1004465/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1004465] Re: heimdal and mit kinit doesn't handle expired credentials

2016-12-10 Thread Bug Watch Updater

** Changed in: heimdal (Debian)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1004465

Title:
  heimdal and mit kinit doesn't handle expired credentials

Status in heimdal package in Ubuntu:
  Confirmed
Status in krb5 package in Ubuntu:
  Fix Released
Status in heimdal package in Debian:
  Fix Released

Bug description:
  Hi.

  ubuntu 12.04 i386,amd64

  For now kerberos (both - mit and heimdal) kinit doesn't handle expired (or 
'must change') passwords. That's a serious regression (lucid is fine) - no 
integration (pam) into kerberos environments that use password expiration could 
be done. Tested with heimdal kdc (file and ldap db) and win2008r2 kdc on 
several machines. This bug stops us from migrating to the next LTS in our 
environment. Thinking it should be fixed.
  Heimdal KDC logs are in the attachment. What I can see in these logs is that 
lucid heimdal kinit doesn't send REQ-ENC-PA-REP patype while precise kinits 
send. May this be the reason? If more info is needed please just ask.

  How to reproduce:

  # apt-get -y install heimdal-kdc
  # cat > /etc/krb5.conf
  [libdefaults]
default_realm = TEST.LAN

  [realms]
TEST.LAN = {
kdc=127.0.0.1
}

  # kadmin -l init TEST.LAN
  # kadmin -l add test
  Max ticket life [1 day]:
  Max renewable life [1 week]:
  Principal expiration time [never]:
  Password expiration time [never]:2000-01-01 # Set expiration time to the 
past
  Attributes []:
  Policy [default]:
  t...@test.lan's Password: 
  Verify password - t...@test.lan's Password:

  # apt-get -y install heimdal-clients
  # dpkg -l |grep heimdal-clients
  ii  heimdal-clients  1.6~git20120311.dfsg.1-2   Heimdal 
Kerberos - clients
  # kinit --version
  kinit (Heimdal 1.5.99)
  Copyright 1995-2011 Kungliga Tekniska Högskolan
  Send bug-reports to heimdal-b...@h5l.org
  # kinit test
  t...@test.lan's Password: 
  kinit: krb5_get_init_creds: Password has expired

  And no asking for changing password.

  # apt-get -y install krb5-user
  # dpkg -l |grep krb5-user
  ii  krb5-user   1.10+dfsg~beta1-2Basic 
programs to authenticate using MIT Kerberos
  # kinit test
  Password for t...@test.lan: 
  kinit: Generic preauthentication failure while getting initial credentials

  And no asking for changing password again.
  But kpasswd works fine (heimdal & mit):
  # kpasswd test
  t...@test.lan's Password: 
  Your password will expire at Tue Jan  2 02:59:59 2000

  New password for t...@test.lan: 
  Verify password - New password for t...@test.lan: 
  Success : Password changed

  The same time all works fine with ubuntu 10.04 heimdal (1.2) and
  freebsd 9.0 heimdal (1.1) (kdc is still from ubuntu 12.04), it does
  change password if it's required.

  Thanks.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/1004465/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1004465] Re: heimdal and mit kinit doesn't handle expired credentials

2016-09-28 Thread Bug Watch Updater

** Changed in: heimdal (Debian)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1004465

Title:
  heimdal and mit kinit doesn't handle expired credentials

Status in heimdal package in Ubuntu:
  Confirmed
Status in krb5 package in Ubuntu:
  Fix Released
Status in heimdal package in Debian:
  Confirmed

Bug description:
  Hi.

  ubuntu 12.04 i386,amd64

  For now kerberos (both - mit and heimdal) kinit doesn't handle expired (or 
'must change') passwords. That's a serious regression (lucid is fine) - no 
integration (pam) into kerberos environments that use password expiration could 
be done. Tested with heimdal kdc (file and ldap db) and win2008r2 kdc on 
several machines. This bug stops us from migrating to the next LTS in our 
environment. Thinking it should be fixed.
  Heimdal KDC logs are in the attachment. What I can see in these logs is that 
lucid heimdal kinit doesn't send REQ-ENC-PA-REP patype while precise kinits 
send. May this be the reason? If more info is needed please just ask.

  How to reproduce:

  # apt-get -y install heimdal-kdc
  # cat > /etc/krb5.conf
  [libdefaults]
default_realm = TEST.LAN

  [realms]
TEST.LAN = {
kdc=127.0.0.1
}

  # kadmin -l init TEST.LAN
  # kadmin -l add test
  Max ticket life [1 day]:
  Max renewable life [1 week]:
  Principal expiration time [never]:
  Password expiration time [never]:2000-01-01 # Set expiration time to the 
past
  Attributes []:
  Policy [default]:
  t...@test.lan's Password: 
  Verify password - t...@test.lan's Password:

  # apt-get -y install heimdal-clients
  # dpkg -l |grep heimdal-clients
  ii  heimdal-clients  1.6~git20120311.dfsg.1-2   Heimdal 
Kerberos - clients
  # kinit --version
  kinit (Heimdal 1.5.99)
  Copyright 1995-2011 Kungliga Tekniska Högskolan
  Send bug-reports to heimdal-b...@h5l.org
  # kinit test
  t...@test.lan's Password: 
  kinit: krb5_get_init_creds: Password has expired

  And no asking for changing password.

  # apt-get -y install krb5-user
  # dpkg -l |grep krb5-user
  ii  krb5-user   1.10+dfsg~beta1-2Basic 
programs to authenticate using MIT Kerberos
  # kinit test
  Password for t...@test.lan: 
  kinit: Generic preauthentication failure while getting initial credentials

  And no asking for changing password again.
  But kpasswd works fine (heimdal & mit):
  # kpasswd test
  t...@test.lan's Password: 
  Your password will expire at Tue Jan  2 02:59:59 2000

  New password for t...@test.lan: 
  Verify password - New password for t...@test.lan: 
  Success : Password changed

  The same time all works fine with ubuntu 10.04 heimdal (1.2) and
  freebsd 9.0 heimdal (1.1) (kdc is still from ubuntu 12.04), it does
  change password if it's required.

  Thanks.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/1004465/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1004465] Re: heimdal and mit kinit doesn't handle expired credentials

[Touch-packages] [Bug 1004465] Re: heimdal and mit kinit doesn't handle expired credentials

[Touch-packages] [Bug 1004465] Re: heimdal and mit kinit doesn't handle expired credentials

[Touch-packages] [Bug 1004465] Re: heimdal and mit kinit doesn't handle expired credentials

4 matches

Site Navigation

Mail list logo

Footer information