[30093] in CVS-changelog-for-Kerberos-V5

home help back first fref pref prev next nref lref last post

krb5 commit: Include etype-info in for hardware preauth hints

daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Jan 8 12:39:56 2018

Date: Mon, 8 Jan 2018 12:39:50 -0500
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201801081739.w08HdoEO031014@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/ba92da05accc524b8037453b63ced1a6c65fd2a1
commit ba92da05accc524b8037453b63ced1a6c65fd2a1
Author: Greg Hudson <ghudson@mit.edu>
Date:   Wed Jan 3 11:59:14 2018 -0500

    Include etype-info in for hardware preauth hints
    
    If a principal has the requires_hwauth bit set, include PA-ETYPE-INFO
    or PA-ETYPE-INFO2 padata in the PREAUTH_REQUIRED error, as preauth
    mechs involving hardware tokens may also use the principal's Kerberos
    password.
    
    ticket: 8629

 src/kdc/kdc_preauth.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index 81d0b8c..739c5e7 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -144,7 +144,7 @@ static preauth_system static_preauth_systems[] = {
     {
         "etype-info",
         KRB5_PADATA_ETYPE_INFO,
-        0,
+        PA_HARDWARE,
         NULL,
         NULL,
         NULL,
@@ -155,7 +155,7 @@ static preauth_system static_preauth_systems[] = {
     {
         "etype-info2",
         KRB5_PADATA_ETYPE_INFO2,
-        0,
+        PA_HARDWARE,
         NULL,
         NULL,
         NULL,
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
home help back first fref pref prev next nref lref last post