Closed Bug 536028 Opened 15 years ago Closed 15 years ago

After changing server name it doesn't check if GSSAPI principal exist

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 530319

People

(Reporter: shopik, Unassigned)

Details

I have two DNS records both points to same ip address, mail.example.org and server.example.org. I've created new account and entered mail.example.org my KDC doesn't have principal imap/mail.example.org so it won't work. I go into account settings and change server name to server.example.org which does have principal imap/server.example.org. After I changed this and restarted Thunderbird it will still try to acquire tickets for imap/mail.example.org, account must be deleted and created with correct server name to make Thunderbird check for new server name principal.
Same apply to SMTP server and probably to POP3.
I can only confirm this on Windows right now, I'm using Kerberos for Windows but same happens with SSPI too.
This is security problem, Thunderbird WILL send Kerberos ticket to different server w/o acquiring new ticket for new server name.
Ah, yes. I already found this during my work on the other bug.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.