[krbdev.mit.edu #8780] git commit

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[krbdev.mit.edu #8780] git commit

Norm Green via RT

Expand S4U2Self exception in KDC lineage check

An S4U2Self TGS-REQ using only a certificate to identify the user will
not include PA-FOR-USER, so we need to check both types when making an
exception in the lineage check.  (S4U2Self requests are allowed to
bypass the lineage check because cross-realm S4U2Self ends with a
backwards cross-realm request to the server realm.)

[[hidden email]: factored out padata check; deindented the code block
by combining conditionals; rewrote commit message]

Author: Isaac Boukris <[hidden email]>
Committer: Greg Hudson <[hidden email]>
Commit: 26c3818737cf16d476043a4acec8afb0fa67e47f
Branch: master
 src/kdc/kdc_util.c |   27 +++++++++++++++++----------
 1 files changed, 17 insertions(+), 10 deletions(-)

krb5-bugs mailing list
[hidden email]