Constrained delegation without PAC support
authorGreg Hudson <ghudson@mit.edu>
Sat, 14 Nov 2009 04:46:30 +0000 (04:46 +0000)
committerGreg Hudson <ghudson@mit.edu>
Sat, 14 Nov 2009 04:46:30 +0000 (04:46 +0000)
commit0524889196c42d81dcc4c74277522b46f987cabb
tree9f906eb1a4a32346ae94837c4fe199410e2dd10f
parent26044e2a3c3104b9c3f32a6ae58145e7e6394672
Constrained delegation without PAC support

Merge Luke's users/lhoward/s4u2proxy branch to trunk.  Implements a
Heimdal-compatible mechanism for allowing constrained delegation
without back-end support for PACs.  Back-end support exists in LDAP
only (via a new krbAllowedToDelegateTo attribute), not DB2.

ticket: 6580

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23160 dc483132-0cff-0310-8789-dd5450dbe970
27 files changed:
src/include/k5-int.h
src/include/krb5/krb5.hin
src/kdc/do_tgs_req.c
src/kdc/kdc_authdata.c
src/lib/krb5/asn.1/asn1_k_decode.c
src/lib/krb5/asn.1/asn1_k_decode.h
src/lib/krb5/asn.1/asn1_k_encode.c
src/lib/krb5/asn.1/krb5_decode.c
src/lib/krb5/krb/copy_auth.c
src/lib/krb5/krb/kfree.c
src/lib/krb5/libkrb5.exports
src/plugins/authdata/greet_server/greet_auth.c
src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c
src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema
src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
src/tests/asn.1/krb5_decode_leak.c
src/tests/asn.1/krb5_decode_test.c
src/tests/asn.1/krb5_encode_test.c
src/tests/asn.1/ktest.c
src/tests/asn.1/ktest.h
src/tests/asn.1/ktest_equal.c
src/tests/asn.1/ktest_equal.h
src/tests/asn.1/reference_encode.out
src/tests/asn.1/trval_reference.out