]> git.ipfire.org Git - thirdparty/krb5.git/commit
projects / thirdparty / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 96e5d38) | patch
Allow cross-realm RBCD with PAC and other authdata
authorIsaac Boukris <iboukris@gmail.com>
Wed, 15 Jan 2020 10:14:00 +0000 (11:14 +0100)
committerGreg Hudson <ghudson@mit.edu>
Wed, 22 Jan 2020 18:00:19 +0000 (13:00 -0500)
commit94f7c9705879500b1dc8dda8592490efce05688f
treef111a795cf36fb937fe32a161d9654d5a95206dbtree
parent96e5d384acf174e6079b0aeeec14bd8100d24840commit | diff
Allow cross-realm RBCD with PAC and other authdata

For cross-realm S4U2Proxy requests, require a PAC to be present to
bypass signedpath verification, but do not require it to be the only
authdata element.  For within-realm requests, add and verify
signedpath authdata regardless of the presence of a PAC.

Simplify the test KDB authdata module and the existing RBCD tests as
we no longer need a way to suppress the test module's KDB authdata.

[ghudson@mit.edu: rewrote commit message; reordered a condition for
efficiency]

ticket: 8868 (new)
tags: pullup
target_version: 1.18
src/include/kdb.h diff | blob | blame | history
src/kdc/kdc_authdata.c diff | blob | blame | history
src/plugins/kdb/test/kdb_test.c diff | blob | blame | history
src/tests/gssapi/t_s4u.py diff | blob | blame | history
Mirror of https://github.com/krb5/krb5.git