[krbdev.mit.edu #6655] SVN Commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Thu Feb 4 22:43:55 EST 2010
Avoid setting AD-SIGNEDPATH when returning a cross-realm TGT.
Previously we were avoiding it when answering a cross-realm client,
which was wrong.
Don't fail out on an invalid AD-SIGNEDPATH checksum; just don't trust
the ticket for S4U2Proxy (as if AD-SIGNEDPATH weren't present).
http://src.mit.edu/fisheye/changelog/krb5/?cs=23697
Commit By: ghudson
Revision: 23697
Changed Files:
U trunk/src/kdc/kdc_authdata.c
U trunk/src/kdc/kdc_util.c
U trunk/src/kdc/kdc_util.h
More information about the krb5-bugs
mailing list