pull up r24399 from trunk
------------------------------------------------------------------------
r24399 | ghudson | 2010-09-30 23:45:43 -0400 (Thu, 30 Sep 2010) | 12 lines
ticket: 6768
subject: GSSAPI forwarded credentials must be encrypted in session key
target_version: 1.8.4
tags: pullup
When IAKERB support was added, the krb5_mk_req checksum function
gained access to the send subkey. This caused GSSAPI forwarded
credentials to be encrypted in the subkey, which violates RFC 4121
section 4.1.1 and is not accepted by Microsoft's implementation.
Temporarily null out the send subkey in the auth context so that
krb5_mk_ncred uses the session key instead.
ticket: 6768
version_fixed: 1.8.4
target_version: 1.8.4
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24460
dc483132-0cff-0310-8789-
dd5450dbe970
projects / krb5.git / commit