projects / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3f19f78) | patch
Make cross-TGT key rollover work from AD to MIT
authorGreg Hudson <ghudson@mit.edu>
Mon, 2 Apr 2012 17:49:56 +0000 (17:49 +0000)
committerGreg Hudson <ghudson@mit.edu>
Mon, 2 Apr 2012 17:49:56 +0000 (17:49 +0000)
commitd345f8234f52ea776ba781707a202409933b2477
treeeb7aa1860c8c05058bb4e066ab03e5d9f632056ftree | snapshot
parent3f19f78897bcc370261cae11fb7ac18378e3055ccommit | diff
Make cross-TGT key rollover work from AD to MIT

Active Directory always issues cross-realm tickets without a kvno,
which we see as kvno 0.  When we see that, try the highest kvno (as we
already do) and then a few preceding kvnos so that key rollover of the
AD->MIT cross TGT can work.

Add new helpers kdc_rd_ap_req, which takes the place of a couple of
steps from kdc_process_tgs_req, and find_server_key, which takes the
place of some of the end steps of kdc_get_server_key.

Code changes by Nicolas Williams.  Test cases by me.

ticket: 7109

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25799 dc483132-0cff-0310-8789-dd5450dbe970
src/kdc/kdc_util.c diff | blob | history
src/tests/t_keyrollover.py diff | blob | history
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.