Closed
Bug 536028
Opened 15 years ago
Closed 15 years ago
After changing server name it doesn't check if GSSAPI principal exist
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 530319
People
(Reporter: shopik, Unassigned)
Details
I have two DNS records both points to same ip address, mail.example.org and server.example.org. I've created new account and entered mail.example.org my KDC doesn't have principal imap/mail.example.org so it won't work. I go into account settings and change server name to server.example.org which does have principal imap/server.example.org. After I changed this and restarted Thunderbird it will still try to acquire tickets for imap/mail.example.org, account must be deleted and created with correct server name to make Thunderbird check for new server name principal.
Same apply to SMTP server and probably to POP3.
I can only confirm this on Windows right now, I'm using Kerberos for Windows but same happens with SSPI too.
Reporter | ||
Comment 1•15 years ago
|
||
This is security problem, Thunderbird WILL send Kerberos ticket to different server w/o acquiring new ticket for new server name.
Comment 2•15 years ago
|
||
Ah, yes. I already found this during my work on the other bug.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•