projects / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 168f7bf) | patch
handle MS PACs that lack server checksum
authorTom Yu <tlyu@mit.edu>
Fri, 10 Dec 2010 01:06:26 +0000 (01:06 +0000)
committerTom Yu <tlyu@mit.edu>
Fri, 10 Dec 2010 01:06:26 +0000 (01:06 +0000)
commit96f83b4084af2acd9ff3f7a3304efb22c9e05171
tree648aecdfdfb2f663d75ef71f0448ddf4d57b3b76tree | snapshot
parent168f7bfc5927ab8bf6faad3e08ad8f32a99ee2fbcommit | diff
handle MS PACs that lack server checksum

target_version 1.9
tags: pullup

Apple Mac OS X Server's Open Directory KDC issues MS PAC like
authorization data that lacks a server checksum.  If this checksum is
missing, mark the PAC as unverfied, but allow
krb5int_authdata_verify() to succeed.  Filter out the unverified PAC
in subsequent calls to krb5_authdata_get_attribute().  Add trace
points to indicate where this behavior occurs.

Thanks to Helmut Grohne for help with analysis.  This bug is also
Debian Bug #604925:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604925

This change should also get backported to krb5-1.8.x.

ticket: 6839

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24564 dc483132-0cff-0310-8789-dd5450dbe970
src/include/k5-trace.h diff | blob | history
src/lib/krb5/krb/pac.c diff | blob | history
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.