[11840] in Kerberos-V5-bugs
[krbdev.mit.edu #6839] SVN Commit
daemon@ATHENA.MIT.EDU (Tom Yu via RT)
Tue Dec 14 18:10:42 2010
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Tom Yu via RT" <rt-comment@krbdev.MIT.EDU>
In-Reply-To: <rt-6839@krbdev.mit.edu>
Message-ID: <rt-6839-33631.4.7123344110539@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #6839'":;"'AdminCc of krbdev.mit.edu Ticket #6839'":;@MIT.EDU
Date: Tue, 14 Dec 2010 18:10:37 -0500 (EST)
Reply-To: rt-comment@krbdev.MIT.EDU
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
pull up r24564 from trunk
------------------------------------------------------------------------
r24564 | tlyu | 2010-12-09 20:06:26 -0500 (Thu, 09 Dec 2010) | 18 lines
ticket: 6839
subject: handle MS PACs that lack server checksum
target_version 1.9
tags: pullup
Apple Mac OS X Server's Open Directory KDC issues MS PAC like
authorization data that lacks a server checksum. If this checksum is
missing, mark the PAC as unverfied, but allow
krb5int_authdata_verify() to succeed. Filter out the unverified PAC
in subsequent calls to krb5_authdata_get_attribute(). Add trace
points to indicate where this behavior occurs.
Thanks to Helmut Grohne for help with analysis. This bug is also
Debian Bug #604925:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604925
This change should also get backported to krb5-1.8.x.
http://src.mit.edu/fisheye/changelog/krb5/?cs=24569
Commit By: tlyu
Revision: 24569
Changed Files:
U branches/krb5-1-9/src/include/k5-trace.h
U branches/krb5-1-9/src/lib/krb5/krb/pac.c
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
