[16354] in Kerberos-V5-bugs
[krbdev.mit.edu #8829] git commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Mon Sep 9 10:34:25 2019
From: "Greg Hudson via RT" <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To:
Message-ID: <rt-4.4.4-22187-1568039632-1179.8829-4-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #8829":;
Date: Mon, 09 Sep 2019 10:33:52 -0400
MIME-Version: 1.0
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
Mon Sep 09 10:33:52 2019: Request 8829 was acted upon.
Transaction: Ticket created by ghudson@mit.edu
Queue: krb5
Subject: git commit
Owner: ghudson@mit.edu
Requestors:
Status: new
Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8829 >
Fix authdata signatures for non-TGT AS-REQs
PACs (as well as anything wrapped in CAMMAC) should be signed using
the local TGT key. Cross-realm TGS requests, ticket renewal and
validation requests, and non-TGT AS requests currently do not pass the
local TGT DB entry or its key to sign_authdata(), forcing the KDB
module to do a redundant lookup in order to properly sign PACs.
Rename the existing krbtgt and krbtgt_key parameters to header_server
and header_key, to better indicate that they are for the header ticket
server. For AS requests, pass NULL for these parameters instead of
passing a duplicate of server/server_key.
Add local_tgt and local_tgt_key parameters for the realm's local TGT
and its first key.
[ghudson@mit.edu: rewrote commit message]
https://github.com/krb5/krb5/commit/15349afaaedcf1113382a92bd3a34b7cedd0129f
Author: Isaac Boukris <iboukris@gmail.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 15349afaaedcf1113382a92bd3a34b7cedd0129f
Branch: master
src/include/kdb.h | 30 ++++++++++++++++++------------
src/kdc/kdc_authdata.c | 27 +++++++++------------------
src/lib/kdb/kdb5.c | 14 ++++++++------
src/plugins/kdb/test/kdb_test.c | 7 ++++---
4 files changed, 39 insertions(+), 39 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
