projects / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bebdddf) | patch
Fix cross-realm handling of AD-SIGNEDPATH
authorGreg Hudson <ghudson@mit.edu>
Fri, 5 Feb 2010 03:43:54 +0000 (03:43 +0000)
committerGreg Hudson <ghudson@mit.edu>
Fri, 5 Feb 2010 03:43:54 +0000 (03:43 +0000)
commit6581735ddea7215935e91c34a2103de1acfe3952
tree4903c4e428d912a25124525c7fe8a0e5a9250f25tree | snapshot
parentbebdddf413bc4edbe6a738f6f01aa3428d2e8381commit | diff
Fix cross-realm handling of AD-SIGNEDPATH

Avoid setting AD-SIGNEDPATH when returning a cross-realm TGT.
Previously we were avoiding it when answering a cross-realm client,
which was wrong.

Don't fail out on an invalid AD-SIGNEDPATH checksum; just don't trust
the ticket for S4U2Proxy (as if AD-SIGNEDPATH weren't present).

ticket: 6655
target_version: 1.8
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23697 dc483132-0cff-0310-8789-dd5450dbe970
src/kdc/kdc_authdata.c diff | blob | history
src/kdc/kdc_util.c diff | blob | history
src/kdc/kdc_util.h diff | blob | history
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.