[12113] in Kerberos-V5-bugs
[krbdev.mit.edu #6976] SVN Commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Sat Oct 15 12:06:19 2011
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Greg Hudson via RT" <rt-comment@krbdev.MIT.EDU>
In-Reply-To: <rt-6976@krbdev.mit.edu>
Message-ID: <rt-6976-34329.13.5095101462891@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #6976'":;"'AdminCc of krbdev.mit.edu Ticket #6976'":;@MIT.EDU
Date: Sat, 15 Oct 2011 12:06:04 -0400 (EDT)
Reply-To: rt-comment@krbdev.MIT.EDU
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu

Remove the gak_fct, gak_data, salt, s2kparams, and as_key arguments
of krb5_clpreauth_process_fn and krb5_clpreauth_tryagain_fn. To
replace them, add two callbacks: one which gets the AS key using the
previously selected etype-info2 information, and a second which lets
the module replace the AS key with one it has computed.

This change limits module flexibility in a few ways. Modules cannot
check whether the AS key was already obtained before asking for it,
and they cannot use the etype-info2 salt and s2kparams for purposes
other than getting the password-based AS key. It is believed that
of existing preauth mechanisms, only SAM-2 preauth needs more
flexibility than the new interfaces provide, and as an internal legacy
mechanism it can cheat. Future mechanisms should be okay since the
current IETF philosophy is that etype-info2 information should not be
used for other purposes.

http://src.mit.edu/fisheye/changelog/krb5/?cs=25351
Commit By: ghudson
Revision: 25351
Changed Files:
U trunk/src/include/k5-int.h
U trunk/src/include/krb5/preauth_plugin.h
U trunk/src/lib/krb5/krb/get_in_tkt.c
U trunk/src/lib/krb5/krb/preauth2.c
U trunk/src/lib/krb5/krb/preauth_ec.c
U trunk/src/lib/krb5/krb/preauth_encts.c
U trunk/src/plugins/preauth/cksum_body/cksum_body_main.c
U trunk/src/plugins/preauth/pkinit/pkinit_clnt.c
U trunk/src/plugins/preauth/wpse/wpse_main.c
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
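
The callback arrangement the commit message describes, modelled as an added example (not code from the krb5 tree): every `demo_*` name, the constructed password and salt, and the XOR stand-in for string-to-key are assumptions made for illustration. The module can ask for the AS key and install one it computed, but never sees the salt, the s2kparams, or whether the key was already obtained.

```c
#include <stdio.h>
#include <string.h>
#define DEMO_KEYLEN 16

/* Hypothetical demo_* names, not krb5 symbols. Library-private state. */
struct demo_rock {
    const char *salt;                /* from the selected etype-info2 entry */
    unsigned char key[DEMO_KEYLEN];
    int have_key;                    /* modules never inspect this */
    int prompts;                     /* times the password was requested */
};

/* Callback 1: return the AS key, deriving it on first use only. */
static const unsigned char *demo_get_as_key(struct demo_rock *r)
{
    static const char pw[] = "constructed-password";
    size_t i, plen = sizeof pw - 1, slen = strlen(r->salt);
    if (!r->have_key) {
        for (i = 0; i < DEMO_KEYLEN; i++)   /* stand-in, NOT real string-to-key */
            r->key[i] = (unsigned char)(pw[i % plen] ^ r->salt[i % slen]);
        r->prompts++;
        r->have_key = 1;
    }
    return r->key;
}

/* Callback 2: a module installs a key it computed itself. */
static void demo_set_as_key(struct demo_rock *r, const unsigned char *key)
{
    memcpy(r->key, key, DEMO_KEYLEN);
    r->have_key = 1;
}

/* A module that derives a replacement from the password-based key. */
static void demo_module_process(struct demo_rock *r)
{
    unsigned char mine[DEMO_KEYLEN];
    const unsigned char *k = demo_get_as_key(r);
    for (size_t i = 0; i < DEMO_KEYLEN; i++)
        mine[i] = (unsigned char)(k[i] ^ 0x5c);   /* constructed transform */
    demo_set_as_key(r, mine);
}

int main(void)
{
    struct demo_rock r = { "EXAMPLE.COMuser", {0}, 0, 0 };
    demo_module_process(&r);
    printf("prompts=%d key[0]=%02x\n", r.prompts, demo_get_as_key(&r)[0]);
    return 0;
}
```

Because the cache flag lives in the library-side state, repeated requests from one or several modules cost a single password prompt, and a replaced key is what every later caller receives.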