]> git.ipfire.org Git - thirdparty/krb5.git/commit
Simplify and improve ksu cred verification
authorNalin Dahyabhai <nalin@redhat.com>
Tue, 19 Aug 2014 18:07:26 +0000 (14:07 -0400)
committerGreg Hudson <ghudson@mit.edu>
Wed, 20 Aug 2014 18:14:25 +0000 (14:14 -0400)
commitbbfe19f03bdeca7b05b542dbae4c1692c9800c70
tree0aafce118d664e470ac76d671618fb87233bfea6
parenta7a8e3186a21c15132cd8fb6c141afcf25a1fb74
Simplify and improve ksu cred verification

When verifying the user's initial credentials, don't compute a server
name and preemptively obtain creds for it.  This change allows
krb5_verify_init_creds to use any host key in the keytab, and not just
the one for the canonicalized local hostname.

[ghudson@mit.edu: rewrote commit message]

ticket: 7996 (new)
target_version: 1.13
tags: pullup
src/clients/ksu/krb_auth_su.c