projects / krb5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 32a72f8)
pull up r23603 from trunk
authorTom Yu <tlyu@mit.edu>
Fri, 8 Jan 2010 23:43:02 +0000 (23:43 +0000)
committerTom Yu <tlyu@mit.edu>
Fri, 8 Jan 2010 23:43:02 +0000 (23:43 +0000)
 ------------------------------------------------------------------------
 r23603 | hartmans | 2010-01-07 13:32:15 -0500 (Thu, 07 Jan 2010) | 7 lines

 subject: Always treat anonymous as preauth required
 ticket: 6623
 target_version: 1.8
 tags: pullup

 Always treat the WELLKNOWN/ANONYMOUS principal as requiring pre-authentication.  The anonymous draft depends on a pre-auth exchange to invoke pkinit.

ticket: 6623
version_fixed: 1.8
status: resolved

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23616 dc483132-0cff-0310-8789-dd5450dbe970

src/kdc/do_as_req.c patch | blob | history

diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 55493ba77964f856daafc6f952f3f26d1c8dd221..83d3101b641b3d42c4dffd9da24783b6bed7daef 100644 (file)
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -407,6 +407,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
             goto errout;
         }
         enc_tkt_reply.client = request->client;
+        setflag(client.attributes, KRB5_KDB_REQUIRES_PRE_AUTH);
     }
     /*
      * Check the preauthentication if it is there.
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.