Use an empty challenge for the password question

If a question's challenge is NULL, it is unnecessarily difficult for a
responder callback to detect whether it was asked.  So it's better to
use an empty challenge when there is no challenge data to communicate.
Do this for the "password" question.

ticket: 7499 (new)
target_version: 1.11
tags: pullup

diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index 8ffa342be62295f95d6239008d4b1a552306969c..30da8c9b364cc57f80bb87fd51d6a029444ad3ba 100644 (file)
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -36,7 +36,7 @@ krb5_get_as_key_password(krb5_context context,
 
         return k5_response_items_ask_question(ritems,
                                               KRB5_RESPONDER_QUESTION_PASSWORD,
-                                              NULL );
+                                              "");
     }
 
     /* If there's already a key of the correct etype, we're done.