[krbdev.mit.edu #8544] git commit

Greg Hudson via RT rt-comment at krbdev.mit.edu
Thu Feb 9 11:18:04 EST 2017


Avoid draft 9 fallback after PKINIT failure

If a KDC offers both RFC 4556 and draft 9 PKINIT, and we experience a
client-side failure trying RFC 4556 PKINIT (e.g. due to the user
entering the wrong PKCS #11 PIN), do not try to use draft 9 PKINIT.

https://github.com/krb5/krb5/commit/0963fa5f0d01d81d3c4088088b94c455f033e921
Author: Greg Hudson <ghudson at mit.edu>
Commit: 0963fa5f0d01d81d3c4088088b94c455f033e921
Branch: master
 src/plugins/preauth/pkinit/pkinit.h       |    1 +
 src/plugins/preauth/pkinit/pkinit_clnt.c  |    7 +++++++
 src/plugins/preauth/pkinit/pkinit_trace.h |    2 ++
 src/tests/t_pkinit.py                     |    8 ++++++++
 4 files changed, 18 insertions(+), 0 deletions(-)


