[krbdev.mit.edu #6948] git commit

Greg Hudson via RT rt-comment at krbdev.mit.edu
Mon Apr 29 12:09:33 EDT 2013


Better fix for not using expired TGTs in TGS-REQs

We want to generate a KRB5_AP_ERR_TKT_EXPIRED code when the TGT is
expired, like we would if we tried the TGT against the KDC.  To make
this work, separate the helpers for getting local and crossrealm
cached TGTs.  For a crossrealm TGT, match against the endtime, as
there could be multiple entries.  For a local TGT, find any match, but
check if it's expired.  The cache_code field is no longer needed after
this change, so get rid of it.

https://github.com/krb5/krb5/commit/bcece3a8289dcce0dc0a2bf7a35ed339ee9a98ec
Author: Greg Hudson <ghudson at mit.edu>
Commit: bcece3a8289dcce0dc0a2bf7a35ed339ee9a98ec
Branch: master
 src/lib/krb5/krb/get_creds.c |  144 ++++++++++++++++++++++++++---------------
 1 files changed, 91 insertions(+), 53 deletions(-)
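
The lookup split described in the commit message, as an added example that is not code from the krb5 source tree: a simplified model in which the types, status codes, function names and sample cache entries are all hypothetical and constructed for illustration. It shows why the local lookup can report "expired" while the cross-realm lookup must filter on endtime.

```c
#include <stddef.h>
#include <string.h>
#include <time.h>

/* Hypothetical simplified model; not krb5's types or error codes. */
enum tgt_status { TGT_OK, TGT_NOT_FOUND, TGT_EXPIRED };
struct cached_tgt { const char *server; time_t endtime; };

/* Constructed sample cache: one expired local TGT, two cross-realm entries. */
static const struct cached_tgt sample_cache[] = {
    {"krbtgt/A.EXAMPLE@A.EXAMPLE", 1000},
    {"krbtgt/B.EXAMPLE@A.EXAMPLE", 1000},
    {"krbtgt/B.EXAMPLE@A.EXAMPLE", 5000},
};

/* Local TGT: accept any entry with a matching name, then check expiry
 * explicitly so the caller sees "expired" rather than a plain cache miss. */
enum tgt_status get_local_tgt(const struct cached_tgt *c, size_t n,
                              const char *server, time_t now,
                              const struct cached_tgt **out)
{
    *out = NULL;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(c[i].server, server) != 0)
            continue;
        if (c[i].endtime <= now)
            return TGT_EXPIRED;
        *out = &c[i];
        return TGT_OK;
    }
    return TGT_NOT_FOUND;
}

/* Cross-realm TGT: several entries may share a name, so endtime is part
 * of the match and expired entries are skipped instead of reported. */
enum tgt_status get_crossrealm_tgt(const struct cached_tgt *c, size_t n,
                                   const char *server, time_t now,
                                   const struct cached_tgt **out)
{
    *out = NULL;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(c[i].server, server) == 0 && c[i].endtime > now) {
            *out = &c[i];
            return TGT_OK;
        }
    }
    return TGT_NOT_FOUND;
}

int main(void) { const struct cached_tgt *t; return get_local_tgt(sample_cache, 3, "krbtgt/A.EXAMPLE@A.EXAMPLE", 2000, &t) != TGT_EXPIRED; }
```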


