[krbdev.mit.edu #8659] SPAKE client asks for password before checking for second-factor support

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[krbdev.mit.edu #8659] SPAKE client asks for password before checking for second-factor support

Jeffrey Arbuckle via RT
spake_prep_questions() and spake_process() both indicate a need for the
AS key as soon as they receive a challenge from the KDC, before
checking whether the client can satisfy any of the second factor types
offered by the KDC.  We should check the second factor offer first.

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs