[Date Prev][Date Next]
RE: OpenLDAP, Heimdal, kpasswd crash (ITS#2386)
Thanks for the note back. I will follow up with the Heimdal folks.
Yes we would absolutely love to have all of our clients capable of doing
SASL/GSSAPI. Unfortunately I think it will be quite a while before we are
there. We have _many_ clients that simply can't do SASL/GSSAPI ranging
from mail clients to vendor applications.
BTW, OpenLDAP 2.1.x is great! Thanks for all the work you all have done!
On Thu, 20 Mar 2003, Howard Chu wrote:
> This is a bug in Heimdal, the Heimdal library is dereferencing a NULL pointer
> because it didn't first check to see if the pointer was valid. I suggest you
> report this bug to the Heimdal maintainers.
> Use of this Kerberos passwd feature is discouraged; your clients should use
> SASL/GSSAPI instead. Using the Kerberos password in this manner exposes it on
> the network, which completely violates the Kerberos security model. No one
> should ever use this feature.
> -- Howard Chu
> Chief Architect, Symas Corp. Director, Highland Sun
> http://www.symas.com http://highlandsun.com/hyc
> Symas: Premier OpenSource Development and Support
> > -----Original Message-----
> > From: owner-openldap-bugs@OpenLDAP.org
> > [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of firstname.lastname@example.org
> > Full_Name: Iain Moffat
> > Version: 2.1.15
> > OS: AIX 5.1
> > URL: ftp://ftp.openldap.org/incoming/
> > Submission from: (NULL) (220.127.116.11)
> > The following is a core generated when a user attempts to
> > bind, but has a
> > password that is expired in kerberos. This is using OpenLDAP
> > 2.1.15, and the
> > latest Heimdal from CVS. Please do not hesitate to contact
> > me if you need more
> > information. Thanks!
> > -Iain