projects / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e147113) | patch
pull up r25486 from trunk
authorTom Yu <tlyu@mit.edu>
Mon, 5 Dec 2011 23:12:03 +0000 (23:12 +0000)
committerTom Yu <tlyu@mit.edu>
Mon, 5 Dec 2011 23:12:03 +0000 (23:12 +0000)
commite946c778f0331aabd203fe6838a86bf1d2097633
treec1bc5a59a00546f8ef341a9187668cce0d8fac28tree | snapshot
parente147113d1c72cb3c989e43eb40696414cf2e3582commit | diff
pull up r25486 from trunk

 ------------------------------------------------------------------------
 r25486 | hartmans | 2011-11-22 20:00:27 -0500 (Tue, 22 Nov 2011) | 14 lines

     ticket: new
     subject: FAST PKINIT
     target_version: 1.10
     tags: pullup

     Per RFC 6113 fast should use the inner request body for the pkinit
     checksum. We did that on the KDC; now do so on the client.  Remove
     code that explicitly blocked pkinit under FAST.

     Also, use the reply key *before* the strengthen key is applied when
     verifying the PADATA_PKINIT_KX.

     Add FAST pkinit test.

ticket: 7027
version_fixed: 1.10
status: resolved

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-10@25516 dc483132-0cff-0310-8789-dd5450dbe970
src/lib/krb5/krb/fast.c diff | blob | history
src/lib/krb5/krb/get_in_tkt.c diff | blob | history
src/lib/krb5/krb/init_creds_ctx.h diff | blob | history
src/plugins/preauth/pkinit/pkinit_clnt.c diff | blob | history
src/plugins/preauth/pkinit/pkinit_srv.c diff | blob | history
src/tests/t_anonpkinit.py diff | blob | history
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.