[16493] in Kerberos-V5-bugs
[krbdev.mit.edu #8884] git commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Mon Mar 9 14:12:05 2020
From: "Greg Hudson via RT" <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To:
Message-ID: <rt-4.4.4-100994-1583777501-1212.8884-4-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #8884":;
Date: Mon, 09 Mar 2020 14:11:41 -0400
MIME-Version: 1.0
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
Mon Mar 09 14:11:41 2020: Request 8884 was acted upon.
Transaction: Ticket created by ghudson@mit.edu
Queue: krb5
Subject: git commit
Owner: ghudson@mit.edu
Requestors:
Status: new
Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8884 >
Change KDC constrained-delegation precedence order
MS-SFU errata from 2019/12/09 indicates that legacy constrained
delegation should be prefered over resource-based constrained
delegation, which results slight diferences.
Also clarify that in the get_authdata_info KDB method, the PAC must be
verified and checked for user sensitivity for S4U2Proxy. Document
that the client name should only be provided in the cross-realm
S4U2Proxy case.
[ghudson@mit.edu: clarified comments and commit message]
https://github.com/krb5/krb5/commit/cf6b710518bd6da8c491ee4020a9ad8ded321d66
Author: Isaac Boukris <iboukris@gmail.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: cf6b710518bd6da8c491ee4020a9ad8ded321d66
Branch: master
src/include/kdb.h | 9 ++-
src/kdc/kdc_util.c | 167 ++++++++++++++++++++------------------------
src/tests/gssapi/t_s4u.py | 32 ++++++---
src/tests/t_audit.py | 2 +-
4 files changed, 107 insertions(+), 103 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
