projects / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a47489b) | patch
KDC MUST NOT accept ap-request armor in FAST TGS
authorSam Hartman <hartmans@mit.edu>
Tue, 24 Nov 2009 01:05:30 +0000 (01:05 +0000)
committerSam Hartman <hartmans@mit.edu>
Tue, 24 Nov 2009 01:05:30 +0000 (01:05 +0000)
commitd55064e02f1078be49e9ff4200bc98cff7002834
tree265ac9aa5120bd645944c7423ca811e381b28f23tree | snapshot
parenta47489bddf97bb20dc561500ba581a5b64c7479acommit | diff
KDC MUST NOT accept ap-request armor in FAST TGS

Per the latest preauth framework spec, the working group has decided
to forbid ap-request armor in the TGS request because of security
problems with that armor type.

This commit was tested against an implementation of FAST TGS client to
confirm that if explicit armor is sent, the request is rejected.

ticket: 6585
target_version: 1.7.1
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23325 dc483132-0cff-0310-8789-dd5450dbe970
src/kdc/fast_util.c diff | blob | history
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.