[11371] in Kerberos-V5-bugs
[krbdev.mit.edu #6655] SVN Commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Thu Feb 4 22:43:57 2010
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Greg Hudson via RT" <rt-comment@krbdev.MIT.EDU>
In-Reply-To: <rt-6655@krbdev.mit.edu>
Message-ID: <rt-6655-32363.10.2999525012662@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #6655'":;"'AdminCc of krbdev.mit.edu Ticket #6655'":;@MIT.EDU
Date: Thu, 4 Feb 2010 22:43:55 -0500 (EST)
Reply-To: rt-comment@krbdev.MIT.EDU
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
Avoid setting AD-SIGNEDPATH when returning a cross-realm TGT.
Previously we were avoiding it when answering a cross-realm client,
which was wrong.
Don't fail out on an invalid AD-SIGNEDPATH checksum; just don't trust
the ticket for S4U2Proxy (as if AD-SIGNEDPATH weren't present).
http://src.mit.edu/fisheye/changelog/krb5/?cs=23697
Commit By: ghudson
Revision: 23697
Changed Files:
U trunk/src/kdc/kdc_authdata.c
U trunk/src/kdc/kdc_util.c
U trunk/src/kdc/kdc_util.h
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
