fix regression in r24853: PAC no longer exposed
authorLuke Howard <lukeh@padl.com>
Mon, 9 May 2011 22:05:48 +0000 (22:05 +0000)
committerLuke Howard <lukeh@padl.com>
Mon, 9 May 2011 22:05:48 +0000 (22:05 +0000)
Windows PAC is not AD-KDCIssued, rather it is signed with the long-term
service session key (or user-to-user key). Advertise this correctly in
the internal authorization data SPI.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24922 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/pac.c

index 84aecec84e9365fbab006add342e17cf2c6ff98c..7d28c2bc85e2d0982d259abed2243fdf0e0eb2e5 100644 (file)
@@ -675,7 +675,7 @@ mspac_flags(krb5_context kcontext,
             krb5_authdatatype ad_type,
             krb5_flags *flags)
 {
-    *flags = AD_USAGE_KDC_ISSUED;
+    *flags = AD_USAGE_TGS_REQ;
 }
 
 static void