[30093] in CVS-changelog-for-Kerberos-V5
krb5 commit: Include etype-info in for hardware preauth hints
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Jan 8 12:39:56 2018
Date: Mon, 8 Jan 2018 12:39:50 -0500
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201801081739.w08HdoEO031014@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/ba92da05accc524b8037453b63ced1a6c65fd2a1
commit ba92da05accc524b8037453b63ced1a6c65fd2a1
Author: Greg Hudson <ghudson@mit.edu>
Date: Wed Jan 3 11:59:14 2018 -0500
Include etype-info in for hardware preauth hints
If a principal has the requires_hwauth bit set, include PA-ETYPE-INFO
or PA-ETYPE-INFO2 padata in the PREAUTH_REQUIRED error, as preauth
mechs involving hardware tokens may also use the principal's Kerberos
password.
ticket: 8629
src/kdc/kdc_preauth.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index 81d0b8c..739c5e7 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -144,7 +144,7 @@ static preauth_system static_preauth_systems[] = {
{
"etype-info",
KRB5_PADATA_ETYPE_INFO,
- 0,
+ PA_HARDWARE,
NULL,
NULL,
NULL,
@@ -155,7 +155,7 @@ static preauth_system static_preauth_systems[] = {
{
"etype-info2",
KRB5_PADATA_ETYPE_INFO2,
- 0,
+ PA_HARDWARE,
NULL,
NULL,
NULL,
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5