[CalendarServer-changes] [13268] PyKerberos/trunk
source_changes at macosforge.org
Sun Apr 13 08:09:55 PDT 2014
Revision: 13268
http://trac.calendarserver.org//changeset/13268
Author: cdaboo at apple.com
Date: 2014-04-13 08:09:55 -0700 (Sun, 13 Apr 2014)
Log Message:
-----------
Add warning about use of checkPassword.
Modified Paths:
--------------
PyKerberos/trunk/README.txt
PyKerberos/trunk/pysrc/kerberos.py
Modified: PyKerberos/trunk/README.txt
===================================================================
--- PyKerberos/trunk/README.txt 2014-04-13 14:50:07 UTC (rev 13267)
+++ PyKerberos/trunk/README.txt 2014-04-13 15:09:55 UTC (rev 13268)
@@ -44,6 +44,14 @@
'http at host.example.com')
+IMPORTANT
+=========
+
+The checkPassword method provided by this library is meant only for testing purposes as it does
+not offer any protection against possible KDC spoofing. That method should not be used in any
+production code.
+
+
Python APIs
===========
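Review bot: The new IMPORTANT section says checkPassword must not be used in production but stops there. It names no alternative and gives no reason beyond "does not offer any protection against possible KDC spoofing". Add one sentence on why the method cannot detect a spoofed KDC and one pointing readers to what they should call instead, so the warning is actionable. The section is also inserted at line 44, just ahead of the "Python APIs" heading; a warning of this weight is easier to find near the top of the README.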
Modified: PyKerberos/trunk/pysrc/kerberos.py
===================================================================
--- PyKerberos/trunk/pysrc/kerberos.py 2014-04-13 14:50:07 UTC (rev 13267)
+++ PyKerberos/trunk/pysrc/kerberos.py 2014-04-13 15:09:55 UTC (rev 13268)
@@ -38,12 +38,16 @@
That will likely mean ensuring that the edu.mit.Kerberos preference file has the correct
realms and KDCs listed.
+ IMPORTANT This method is vulnerable to KDC spoofing attacks and it should only used
+ for testing. Do not use this in any production system - your security could be
+ compromised if you do.
+
@param user: a string containing the Kerberos user name. A realm may be
included by appending an '@' followed by the realm string to the actual user id.
If no realm is supplied, then the realm set in the default_realm argument will
be used.
@param pswd: a string containing the password for the user.
- @param service: a string containging the Kerberos service to check access for.
+ @param service: a string containing the Kerberos service to check access for.
This will be of the form 'sss/xx.yy.zz', where 'sss' is the service identifier
(e.g., 'http', 'krbtgt'), and 'xx.yy.zz' is the hostname of the server.
@param default_realm: a string containing the default realm to use if one is not
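Review bot: The added docstring line "it should only used for testing" is missing a verb and should read "it should only be used for testing". The wording also differs from the README warning added in the same revision ("meant only for testing purposes", "should not be used in any production code"); using the same sentence in both places keeps the two from drifting apart. Because the warning exists only in the docstring, callers who never read it get no signal, so consider having checkPassword emit a runtime warning as well.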
@@ -61,7 +65,7 @@
If no realm is supplied, then the realm set in the default_realm argument will
be used.
@param oldpswd: a string containing the old (current) password for the user.
- @param newpswd: a string containging the new password for the user.
+ @param newpswd: a string containing the new password for the user.
@return: True if password changing succeeds, False otherwise.
"""