[krbdev.mit.edu #8648] git commit

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[krbdev.mit.edu #8648] git commit

Greg Hudson via RT-2

Add PKINIT client support for freshness token

Send an empty PA_AS_FRESHNESS padata item in unauthenticated AS
requests to indicate support for RFC 8070.  If the KDC includes a
PA_AS_FRESHNESS value in its method data, echo it back in the new
freshnessToken field of pkAuthenticator

https://github.com/krb5/krb5/commit/085785362e01467cb25c79a90dcebfba9ea019d8
Author: Greg Hudson <[hidden email]>
Commit: 085785362e01467cb25c79a90dcebfba9ea019d8
Branch: master
 doc/user/user_commands/kinit.rst          |    3 +++
 src/include/k5-int-pkinit.h               |    1 +
 src/include/krb5/krb5.hin                 |    1 +
 src/lib/krb5/asn.1/asn1_k_encode.c        |    5 ++++-
 src/lib/krb5/krb/get_in_tkt.c             |   12 ++++++++----
 src/lib/krb5/krb/init_creds_ctx.h         |    2 +-
 src/plugins/preauth/pkinit/pkinit.h       |    3 +++
 src/plugins/preauth/pkinit/pkinit_clnt.c  |   19 ++++++++++++++++++-
 src/plugins/preauth/pkinit/pkinit_lib.c   |    3 +++
 src/plugins/preauth/pkinit/pkinit_trace.h |    2 ++
 src/tests/asn.1/ktest.c                   |    4 ++++
 src/tests/asn.1/pkinit_encode.out         |    2 +-
 src/tests/asn.1/pkinit_trval.out          |    1 +
 13 files changed, 50 insertions(+), 8 deletions(-)

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs