[16503] in Kerberos-V5-bugs
[krbdev.mit.edu #8884] git commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Wed Mar 18 12:53:38 2020
From: "Greg Hudson via RT" <rt@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To:
Message-ID: <rt-4.4.4-96870-1584550395-1146.8884-5-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #8884":;
Date: Wed, 18 Mar 2020 12:53:15 -0400
MIME-Version: 1.0
Reply-To: rt@KRBDEV-PROD-APP-1.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8884 >
Change KDC constrained-delegation precedence order
MS-SFU errata from 2019/12/09 indicates that legacy constrained
delegation should be prefered over resource-based constrained
delegation, which results slight diferences.
Also clarify that in the get_authdata_info KDB method, the PAC must be
verified and checked for user sensitivity for S4U2Proxy. Document
that the client name should only be provided in the cross-realm
S4U2Proxy case.
[ghudson@mit.edu: clarified comments and commit message]
(cherry picked from commit cf6b710518bd6da8c491ee4020a9ad8ded321d66)
https://github.com/krb5/krb5/commit/c61905eb0c589b3046b81b61d635eb08c8667302
Author: Isaac Boukris <iboukris@gmail.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: c61905eb0c589b3046b81b61d635eb08c8667302
Branch: krb5-1.18
src/include/kdb.h | 9 ++-
src/kdc/kdc_util.c | 167 ++++++++++++++++++++------------------------
src/tests/gssapi/t_s4u.py | 32 ++++++---
src/tests/t_audit.py | 2 +-
4 files changed, 107 insertions(+), 103 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
