[11475] in Kerberos-V5-bugs

home help back first fref pref prev next nref lref last post

[krbdev.mit.edu #6687] SVN Commit

daemon@ATHENA.MIT.EDU (Tom Yu via RT)
Mon Mar 22 21:58:32 2010

Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Tom Yu via RT" <rt-comment@krbdev.MIT.EDU>
In-Reply-To: <rt-6687@krbdev.mit.edu>
Message-ID: <rt-6687-32651.10.6173235092526@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #6687'":;"'AdminCc of krbdev.mit.edu Ticket #6687'":;@MIT.EDU
Date: Mon, 22 Mar 2010 21:58:30 -0400 (EDT)
Reply-To: rt-comment@krbdev.MIT.EDU
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu


pull up r23821 from trunk

 ------------------------------------------------------------------------
 r23821 | ghudson | 2010-03-19 20:50:06 -0700 (Fri, 19 Mar 2010) | 17 lines

 ticket: 6687
 subject: Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512
 target_version: 1.8.1
 tags: pullup

 KRB5_AUTHDATA_SIGNTICKET, originally a Heimdal authorization data
 type, was used to implement PAC-less constrained delegation in krb5
 1.8.  Unfortunately, it was found that Microsoft was using 142 for
 other purposes, which could result in a ticket issued by an MIT or
 Heimdal KDC being rejected by a Windows Server 2008 R2 application
 server.  Because KRB5_AUTHDATA_SIGNTICKET is only used to communicate
 among a realm's KDCs, it is relatively easy to change the number, so
 MIT and Heimdal are both migrating to a new number.  This change will
 cause a transitional interoperability issue when a realm mixes MIT
 krb5 1.8 (or Heimdal 1.3.1) KDCs with MIT krb5 1.8.1 (or Heimdal
 1.3.2) KDCs, but only for constrained delegation evidence tickets.

http://src.mit.edu/fisheye/changelog/krb5/?cs=23828
Commit By: tlyu
Revision: 23828
Changed Files:
U   branches/krb5-1-8/src/include/krb5/krb5.hin

_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
home help back first fref pref prev next nref lref last post