git.ipfire.org Git - thirdparty/krb5.git/commit
Ignore password attributes for S4U2Self requests 874/head
author Isaac Boukris <iboukris@gmail.com>
Mon, 3 Dec 2018 00:33:07 +0000 (02:33 +0200)
committer Greg Hudson <ghudson@mit.edu>
Sat, 8 Dec 2018 20:21:14 +0000 (15:21 -0500)
commit 5e6d1796106df8ba6bc1973ee0917c170d929086
tree 49a9ba21286538ff7942e7ccb303fc69a28780fc
parent 23ef16ac32554e547ac42a9cb79d9040af8de5ba
Ignore password attributes for S4U2Self requests

For consistency with Windows KDCs, allow protocol transition to work
even if the password has expired or needs changing.

Also, when looking up an enterprise principal with an AS request,
treat ERR_KEY_EXP as confirmation that the client is present in the
realm.

[ghudson@mit.edu: added comment in kdc_process_s4u2self_req(); edited
commit message]

ticket: 8763 (new)
tags: pullup
target_version: 1.17
src/kdc/kdc_util.c
src/lib/krb5/krb/s4u_creds.c
src/tests/gssapi/t_s4u.py