[krbdev.mit.edu #7555] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Tue Sep 3 23:30:29 EDT 2013
Tighten up referral recognition in KDC TGS code
In do_tgs_req(), treat the search_sprinc() result as a referral only
if it is a cross-TGS principal and it doesn't match the requested
server principal. This change fixes two corner cases: (1) when a
client requests a cross-realm TGT, we won't squash the name type in
the response; and (2) if we are serving multiple realms out of the
same KDB, we will properly handle aliases to any local-realm TGT, not
just the one for the configured realm name.
https://github.com/krb5/krb5/commit/2f37634ae89f8bd13ec64120fce56ba5613c498c
Author: Greg Hudson <ghudson at mit.edu>
Commit: 2f37634ae89f8bd13ec64120fce56ba5613c498c
Branch: master
src/kdc/do_tgs_req.c | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)
More information about the krb5-bugs
mailing list