Is there a fix available for CAN-2003-0190
Darren Tucker
dtucker at zip.com.au
Thu Dec 23 08:57:09 EST 2004
Sergio Gelato wrote:
> I see that the rest of that function has an "if (problem) goto out;" after
> every krb5 library call. Doesn't that also introduce measurable time
> differences? Interesting.
Possibly, but if the latter calls can't be safely done if the earlier
ones fail then there may be no way to solve that.
> Maybe one should fill in a dummy, valid authctxt in such cases, and
> make a note to fail the authentication at the end of the process.
That's what authctxt->valid is. The dummy information is populated by
auth.c:fakewpw().
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list