From ce30071a8723efcee8592e795ebfb2f875785544 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Mon, 9 May 2011 22:05:48 +0000 Subject: [PATCH] fix regression in r24853: PAC no longer exposed Windows PAC is not AD-KDCIssued, rather it is signed with the long-term service session key (or user-to-user key). Advertise this correctly in the internal authorization data SPI. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24922 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/pac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c index 84aecec84..7d28c2bc8 100644 --- a/src/lib/krb5/krb/pac.c +++ b/src/lib/krb5/krb/pac.c @@ -675,7 +675,7 @@ mspac_flags(krb5_context kcontext, krb5_authdatatype ad_type, krb5_flags *flags) { - *flags = AD_USAGE_KDC_ISSUED; + *flags = AD_USAGE_TGS_REQ; } static void -- 2.26.2