ticket: new
authorSam Hartman <hartmans@mit.edu>
Wed, 23 Nov 2011 01:00:27 +0000 (01:00 +0000)
committerSam Hartman <hartmans@mit.edu>
Wed, 23 Nov 2011 01:00:27 +0000 (01:00 +0000)
commitadfcfdce396468f93dce5fb56c7509d138a11e5c
tree74daa40bd00c461da828adfef8fcf9ed28399eea
parent01bd1cedd0fb24b7578b3c4b563f065dd113e3d7
ticket: new
    subject: FAST PKINIT
    target_version: 1.10
    tags: pullup

    Per RFC 6113 fast should use the inner request body for the pkinit
    checksum. We did that on the KDC; now do so on the client.  Remove
    code that explicitly blocked pkinit under FAST.

    Also, use the reply key *before* the strengthen key is applied when
    verifying the PADATA_PKINIT_KX.

    Add FAST pkinit test.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25486 dc483132-0cff-0310-8789-dd5450dbe970
src/lib/krb5/krb/fast.c
src/lib/krb5/krb/get_in_tkt.c
src/lib/krb5/krb/init_creds_ctx.h
src/plugins/preauth/pkinit/pkinit_clnt.c
src/plugins/preauth/pkinit/pkinit_srv.c
src/tests/t_anonpkinit.py