projects / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 01bd1ce) | patch
ticket: new
authorSam Hartman <hartmans@mit.edu>
Wed, 23 Nov 2011 01:00:27 +0000 (01:00 +0000)
committerSam Hartman <hartmans@mit.edu>
Wed, 23 Nov 2011 01:00:27 +0000 (01:00 +0000)
commitadfcfdce396468f93dce5fb56c7509d138a11e5c
tree74daa40bd00c461da828adfef8fcf9ed28399eeatree | snapshot
parent01bd1cedd0fb24b7578b3c4b563f065dd113e3d7commit | diff
ticket: new
    subject: FAST PKINIT
    target_version: 1.10
    tags: pullup

    Per RFC 6113 fast should use the inner request body for the pkinit
    checksum. We did that on the KDC; now do so on the client.  Remove
    code that explicitly blocked pkinit under FAST.

    Also, use the reply key *before* the strengthen key is applied when
    verifying the PADATA_PKINIT_KX.

    Add FAST pkinit test.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25486 dc483132-0cff-0310-8789-dd5450dbe970
src/lib/krb5/krb/fast.c diff | blob | history
src/lib/krb5/krb/get_in_tkt.c diff | blob | history
src/lib/krb5/krb/init_creds_ctx.h diff | blob | history
src/plugins/preauth/pkinit/pkinit_clnt.c diff | blob | history
src/plugins/preauth/pkinit/pkinit_srv.c diff | blob | history
src/tests/t_anonpkinit.py diff | blob | history
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.