[16451] in Kerberos-V5-bugs
[krbdev.mit.edu #8868] git commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Wed Jan 22 14:10:41 2020
From: "Greg Hudson via RT" <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To:
Message-ID: <rt-4.4.4-73371-1579720234-421.8868-4-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #8868":;
Date: Wed, 22 Jan 2020 14:10:34 -0500
MIME-Version: 1.0
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
Wed Jan 22 14:10:34 2020: Request 8868 was acted upon.
Transaction: Ticket created by ghudson@mit.edu
Queue: krb5
Subject: git commit
Owner: ghudson@mit.edu
Requestors:
Status: new
Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8868 >
Allow cross-realm RBCD with PAC and other authdata
For cross-realm S4U2Proxy requests, require a PAC to be present to
bypass signedpath verification, but do not require it to be the only
authdata element. For within-realm requests, add and verify
signedpath authdata regardless of the presence of a PAC.
Simplify the test KDB authdata module and the existing RBCD tests as
we no longer need a way to suppress the test module's KDB authdata.
[ghudson@mit.edu: rewrote commit message; reordered a condition for
efficiency]
https://github.com/krb5/krb5/commit/94f7c9705879500b1dc8dda8592490efce05688f
Author: Isaac Boukris <iboukris@gmail.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 94f7c9705879500b1dc8dda8592490efce05688f
Branch: master
src/include/kdb.h | 6 +++---
src/kdc/kdc_authdata.c | 21 ++++++++-------------
src/plugins/kdb/test/kdb_test.c | 23 ++++++-----------------
src/tests/gssapi/t_s4u.py | 3 ---
4 files changed, 17 insertions(+), 36 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
