[16230] in Kerberos-V5-bugs
[krbdev.mit.edu #8763] git commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Mon Jan 7 11:19:25 2019
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: Greg Hudson via RT <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To: <rt-8763@krbdev.mit.edu>
Message-ID: <rt-8763-49253.18.9847824776759@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #8763'":;
Date: Mon, 7 Jan 2019 11:19:17 -0500
MIME-Version: 1.0
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
Ignore password attributes for S4U2Self requests
For consistency with Windows KDCs, allow protocol transition to work
even if the password has expired or needs changing.
Also, when looking up an enterprise principal with an AS request,
treat ERR_KEY_EXP as confirmation that the client is present in the
realm.
[ghudson@mit.edu: added comment in kdc_process_s4u2self_req(); edited
commit message]
(cherry picked from commit 5e6d1796106df8ba6bc1973ee0917c170d929086)
https://github.com/krb5/krb5/commit/18f64cd1dea7d213fd9d337bdb831eca2a86d2fa
Author: Isaac Boukris <iboukris@gmail.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 18f64cd1dea7d213fd9d337bdb831eca2a86d2fa
Branch: krb5-1.17
src/kdc/kdc_util.c | 5 +++++
src/lib/krb5/krb/s4u_creds.c | 2 +-
src/tests/gssapi/t_s4u.py | 8 ++++++++
3 files changed, 14 insertions(+), 1 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
