Petr Grolmus <[email protected]> writes: > As we tried it, it works great for expiring password and password > change. But, now we have another problem. When the master_kdc is set and > user use a wrong password the kerberos protocol (kinit) returns
> Generic preauthentication failure while getting initial credentials > instead of > Password incorrect while getting initial credentials (without master_kdc > option) > and WebAuth generates "Unrecovarable error occured" instead of new login > form. Is this in connection with your bug report > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670457 and probably will > help upgrade of KRB libraries (and/or KRB servers??) or can we managed it > somewhere in configuration or code of WebKDC? We have installed libkrb5 in > version 1.10+dfsg~beta1-2. Ah, yes, indeed, this is exactly that problem. I should have realized that the master_kdc retry would have that same problem. Unfortunately, the bug is internal to the Kerberos libraries and very difficult to work around in application code. > Yes, you are right... I expected a redirect to that URL before form > shows, not after the form submmit. It works fine. Oh, cool, okay. -- Russ Allbery <[email protected]> Technical Lead, ITS Infrastructure Delivery Group, Stanford University
