Remove support for setting a client flag indicating pkinit is used on the db entry.
author Sam Hartman <hartmans@mit.edu>
Sat, 3 Jan 2009 23:20:35 +0000 (23:20 +0000)
committer Sam Hartman <hartmans@mit.edu>
Sat, 3 Jan 2009 23:20:35 +0000 (23:20 +0000)
I'm reasonably sure that this would belong in a pkinit plugin, not in do_as_req.c.
Also, the flag should be documented to indicate what it means--client attempted pkinit? Client succeeded in using pkinit?
I also wonder whether you want a mechanism for a db plugin to figure out all the padata or fast factors that a request is using.
Note that this flag will need to be added back by at least one vendor.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21694 dc483132-0cff-0310-8789-dd5450dbe970

src/kdc/do_as_req.c

index 36b550250c0bfe4db3d8209c68f1a18c322e8007..12d645980aaa4737d75b7d98746bcc9ff087399b 100644 (file)
@@ -508,9 +508,6 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
        goto errout;
     }
 
-    if (find_pa_data(reply.padata, KRB5_PADATA_PK_AS_REP))
-       c_flags |= KRB5_KDB_FLAG_PKINIT;
-
     errcode = handle_authdata(kdc_context,
                              c_flags,
                              &client,
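Review bot: With the two removed lines gone, the c_flags value passed to handle_authdata() just below can no longer carry KRB5_KDB_FLAG_PKINIT from this path, yet the patch touches only src/kdc/do_as_req.c, so the flag's definition and any code that tests it are left in place with nothing setting it here. Either retire or mark the definition as unused in the same change, or leave a short comment at this spot saying that the PKINIT indication is expected to come from the pkinit plugin, since the commit message says at least one vendor will need the flag back. It would also help to record the semantics the removed code had: it tested reply.padata for KRB5_PADATA_PK_AS_REP, so the flag was set only when the reply already carried PKINIT reply padata, not merely when the client attempted PKINIT. Writing that down answers the documentation question raised in the message and gives whoever reintroduces the flag a defined meaning to preserve.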