projects / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3e668d2) | patch
GSSAPI forwarded credentials must be encrypted in session key
authorGreg Hudson <ghudson@mit.edu>
Fri, 1 Oct 2010 03:45:43 +0000 (03:45 +0000)
committerGreg Hudson <ghudson@mit.edu>
Fri, 1 Oct 2010 03:45:43 +0000 (03:45 +0000)
commitbb441175c30679eb913a839b87478b96923bbaae
tree768dac7e21addb64aada458af4d5e54d51982cf1tree | snapshot
parent3e668d20274d528775f7d9c10caff946c10760e2commit | diff
GSSAPI forwarded credentials must be encrypted in session key

When IAKERB support was added, the krb5_mk_req checksum function
gained access to the send subkey.  This caused GSSAPI forwarded
credentials to be encrypted in the subkey, which violates RFC 4121
section 4.1.1 and is not accepted by Microsoft's implementation.
Temporarily null out the send subkey in the auth context so that
krb5_mk_ncred uses the session key instead.

ticket: 6768
target_version: 1.8.4
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24399 dc483132-0cff-0310-8789-dd5450dbe970
src/lib/gssapi/krb5/init_sec_context.c diff | blob | history
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.