
RE: OpenLDAP, Heimdal, kpasswd crash (ITS#2386)



This is a bug in Heimdal: the Heimdal library is dereferencing a NULL pointer
because it didn't first check to see if the pointer was valid. I suggest you
report this bug to the Heimdal maintainers.

Use of this Kerberos passwd feature is discouraged; your clients should use
SASL/GSSAPI instead. Using the Kerberos password in this manner exposes it on
the network, which completely violates the Kerberos security model. No one
should ever use this feature.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-bugs@OpenLDAP.org
> [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of ipm@ufl.edu

> Full_Name: Iain Moffat
> Version: 2.1.15
> OS: AIX 5.1
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (128.227.212.234)
>
>
> The following is a core generated when a user attempts to bind, but has a
> password that is expired in kerberos.  This is using OpenLDAP 2.1.15, and the
> latest Heimdal from CVS.  Please do not hesitate to contact me if you need more
> information.  Thanks!
>
> -Iain