git.ipfire.org Git - thirdparty/krb5.git/commit
Change KDC constrained-delegation precedence order 1032/head
author Isaac Boukris <iboukris@gmail.com>
Wed, 29 Jan 2020 21:35:50 +0000 (22:35 +0100)
committer Greg Hudson <ghudson@mit.edu>
Mon, 9 Mar 2020 18:10:41 +0000 (14:10 -0400)
commit cf6b710518bd6da8c491ee4020a9ad8ded321d66
tree 0f03866f96303bb41fb2e6065a348bd614ba8bc3
parent cd82bf377e7fad2409c76bf8b241920692f34fda
Change KDC constrained-delegation precedence order

MS-SFU errata from 2019/12/09 indicates that legacy constrained
delegation should be preferred over resource-based constrained
delegation, which results in slight differences.

Also clarify that in the get_authdata_info KDB method, the PAC must be
verified and checked for user sensitivity for S4U2Proxy.  Document
that the client name should only be provided in the cross-realm
S4U2Proxy case.

[ghudson@mit.edu: clarified comments and commit message]

ticket: 8884 (new)
tags: pullup
target_version: 1.18-next
src/include/kdb.h
src/kdc/kdc_util.c
src/tests/gssapi/t_s4u.py
src/tests/t_audit.py