#432 Large PAM responses are not returned to the client
Closed: Fixed None Opened 14 years ago by sgallagh.

I attempted to perform a password change against a Kerberos KDC that had certain password restrictions in place. It returned the following message (comprised of 295 characters) from the KDC:

Password change rejected: New password does not have enough character classes.
The character classes are:
    - lower-case letters,
    - upper-case letters,
    - digits,
    - punctuation, and
    - all other characters (e.g., control characters).
Please choose a password with at least 4 character classes.

This message was not reported to me at the command prompt. Instead I received only:

passwd: Authentication token manipulation error

Looking into the code, the source of the problem is that the response messages have a fixed size of 255 characters (defined by MAX_CHILD_MSG_SIZE). If a component of the message sent into pack_response_packet() would cause the message to exceed MAX_CHILD_MSG_SIZE, it is dropped. This means that we will still return the appropriate error code, but no message to tell the user why it failed.

SSSD should handle an arbitrary length response message, rather than preallocating the response buffer. It is very important that we not deprive the user of any advisory information.
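The failure mode described above, as an added illustration that is not SSSD's code (the limit, the packet layout and all function names here are hypothetical stand-ins for MAX_CHILD_MSG_SIZE and pack_response_packet()): a fixed-buffer packer silently drops any component that would not fit, so the client gets the error code but none of the KDC's advisory text, while a growable buffer delivers the whole message. The KDC text is reconstructed from the report above.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical limit standing in for SSSD's MAX_CHILD_MSG_SIZE. */
#define FIXED_MSG_SIZE 255
#define RESP_TYPE_USER_INFO 1u
/* One component on the wire: uint32 type, uint32 length, then `length` bytes
 * of payload (the NUL is included so the reader can print it directly). */
#define HDR_SIZE (2 * sizeof(uint32_t))

/* KDC rejection text reconstructed from the report (constructed sample). */
static const char KDC_MSG[] =
    "Password change rejected: New password does not have enough character classes.\n"
    "The character classes are:\n"
    "    - lower-case letters,\n"
    "    - upper-case letters,\n"
    "    - digits,\n"
    "    - punctuation, and\n"
    "    - all other characters (e.g., control characters).\n"
    "Please choose a password with at least 4 character classes.";

/* Failure mode: a component that would overflow the fixed buffer is dropped,
 * so the caller keeps the error code but loses the explanation.
 * Returns 1 if packed, 0 if dropped. */
int pack_fixed(uint8_t buf[FIXED_MSG_SIZE], size_t *used,
               uint32_t type, const char *msg)
{
    uint32_t len = (uint32_t)strlen(msg) + 1;
    if (*used + HDR_SIZE + len > FIXED_MSG_SIZE)
        return 0;
    memcpy(buf + *used, &type, sizeof type);
    memcpy(buf + *used + sizeof type, &len, sizeof len);
    memcpy(buf + *used + HDR_SIZE, msg, len);
    *used += HDR_SIZE + len;
    return 1;
}

/* Fix: grow the response buffer on demand so no advisory text is lost. */
struct resp_buf { uint8_t *data; size_t used; size_t cap; };

int pack_grow(struct resp_buf *rb, uint32_t type, const char *msg)
{
    uint32_t len = (uint32_t)strlen(msg) + 1;
    size_t need = rb->used + HDR_SIZE + len;
    if (need > rb->cap) {
        size_t ncap = rb->cap ? rb->cap : 64;
        while (ncap < need) ncap *= 2;
        uint8_t *p = realloc(rb->data, ncap);
        if (!p) return 0;   /* allocation failure is reported, never silent */
        rb->data = p;
        rb->cap = ncap;
    }
    memcpy(rb->data + rb->used, &type, sizeof type);
    memcpy(rb->data + rb->used + sizeof type, &len, sizeof len);
    memcpy(rb->data + rb->used + HDR_SIZE, msg, len);
    rb->used += HDR_SIZE + len;
    return 1;
}

/* Client-side reader: validates the packet, returns the component count
 * (or -1 if truncated/malformed) and points `first` at the first payload. */
int count_components(const uint8_t *buf, size_t used, const char **first)
{
    size_t off = 0;
    int n = 0;
    if (first) *first = NULL;
    while (off + HDR_SIZE <= used) {
        uint32_t len;
        memcpy(&len, buf + off + sizeof(uint32_t), sizeof len);
        if (len == 0 || off + HDR_SIZE + len > used) return -1;
        if (buf[off + HDR_SIZE + len - 1] != '\0') return -1;
        if (n == 0 && first) *first = (const char *)(buf + off + HDR_SIZE);
        off += HDR_SIZE + len;
        n++;
    }
    return off == used ? n : -1;
}

/* 1 if `msg` survives the fixed-size packer, 0 if it is dropped. */
int fixed_packs(const char *msg)
{
    uint8_t buf[FIXED_MSG_SIZE];
    size_t used = 0;
    return pack_fixed(buf, &used, RESP_TYPE_USER_INFO, msg);
}

/* 1 if the growable packer delivers the full KDC text intact end to end. */
int grow_roundtrip_ok(void)
{
    struct resp_buf rb = {0};
    const char *first = NULL;
    int ok = pack_grow(&rb, RESP_TYPE_USER_INFO, KDC_MSG) &&
             count_components(rb.data, rb.used, &first) == 1 &&
             first != NULL && strcmp(first, KDC_MSG) == 0;
    free(rb.data);
    return ok;
}

int main(void)
{
    printf("fixed buffer keeps KDC message: %d\n", fixed_packs(KDC_MSG));
    printf("growable buffer round-trips KDC message: %d\n", grow_roundtrip_ok());
    return 0;
}
```

The reader side matters as much as the packer: once messages can be arbitrarily long, the client must bound every length field by the bytes actually received rather than by a compile-time constant, which is what count_components() checks before handing the text to the user.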


Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.1.1

Fields changed

owner: sbose => sgallagh
status: new => assigned

Fixed by f539717

fixedin: => 1.1.1
resolution: => fixed
status: assigned => closed

Fields changed

rhbz: => 0

Metadata Update from @sgallagh:
- Issue assigned to sgallagh
- Issue set to the milestone: SSSD 1.1.1

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/1474

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.
