[16813] in Kerberos-V5-bugs
[krbdev.mit.edu #9049] git commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Thu Jan 27 16:58:01 2022
From: "Greg Hudson via RT" <rt-comment@krbdev.mit.edu>
In-Reply-To:
Message-ID: <rt-4.4.3-2-2222513-1643320658-843.9049-4-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9049":;
Date: Thu, 27 Jan 2022 16:57:38 -0500
MIME-Version: 1.0
Reply-To: rt-comment@krbdev.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
Thu Jan 27 16:57:38 2022: Request 9049 was acted upon.
Transaction: Ticket created by ghudson@mit.edu
Queue: krb5
Subject: git commit
Owner: ghudson@mit.edu
Requestors:
Status: new
Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9049 >
Add replace_reply_key kdcpreauth callback
Provide an explicit way for kdcpreauth modules to replace the reply
key, and internally track when the reply key is fully replaced (as
opposed to strengthened by replacing it with a derivative of the
client long-term key). Use this facility in the FAST OTP, PKINIT, and
SPAKE kdcpreauth modules.
https://github.com/krb5/krb5/commit/ff57dc682a27bd205d715f3c0bed84890f2453c4
Author: Greg Hudson <ghudson@mit.edu>
Commit: ff57dc682a27bd205d715f3c0bed84890f2453c4
Branch: master
src/include/krb5/kdcpreauth_plugin.h | 29 +++++++++++++----
src/kdc/do_as_req.c | 5 +--
src/kdc/kdc_preauth.c | 22 ++++++++++++-
src/kdc/kdc_util.h | 1 +
src/plugins/preauth/otp/main.c | 51 +++++++++++++------------------
src/plugins/preauth/pkinit/pkinit_srv.c | 41 +++++++++++++------------
src/plugins/preauth/spake/spake_kdc.c | 24 +++-----------
7 files changed, 92 insertions(+), 81 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
