git.ipfire.org Git - thirdparty/krb5.git/commit

]> git.ipfire.org Git - thirdparty/krb5.git/commit

projects / thirdparty / krb5.git / commit

author	Sam Hartman <hartmans@mit.edu>
	Wed, 23 Dec 2009 21:10:30 +0000 (21:10 +0000)
committer	Sam Hartman <hartmans@mit.edu>
	Wed, 23 Dec 2009 21:10:30 +0000 (21:10 +0000)
commit	e95ea8f8428041134a835890033d1eef8dca2a06
tree	0d3ca3a95ba4eb1d71b08e964e43ad4f263bc4b0	tree
parent	1392110b1809ef5b47a08271c7219c1c7c201db0	commit \| diff

pkinit authentication only works for TGT

Pkinit's verification of the KDC SAN requires that the certificate
have a SAN for the server principal. That's not correct according to
RFC 4556. The KDC should have a SAN for the TGS principal; that's
independent of whether the TGS principal is actually the server.

Fix to build the TGS principal explicitly.

ticket: 6605

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/anonymous@23504 dc483132-0cff-0310-8789-dd5450dbe970

src/plugins/preauth/pkinit/pkinit_clnt.c

diff | blob | blame | history

Mirror of https://github.com/krb5/krb5.git

RSS Atom