svn rev #21572: branches/mskrb-integ/src/kdc/
lhoward@MIT.EDU
lhoward at MIT.EDU
Mon Dec 22 22:59:27 EST 2008
http://src.mit.edu/fisheye/changelog/krb5/?cs=21572
Commit By: lhoward
Log Message:
cleanup
Changed Files:
U branches/mskrb-integ/src/kdc/kdc_authdata.c
Modified: branches/mskrb-integ/src/kdc/kdc_authdata.c
===================================================================
--- branches/mskrb-integ/src/kdc/kdc_authdata.c 2008-12-23 03:56:28 UTC (rev 21571)
+++ branches/mskrb-integ/src/kdc/kdc_authdata.c 2008-12-23 03:59:26 UTC (rev 21572)
@@ -450,7 +450,7 @@
* if it was present in the TGT, the client is from another realm
* or protocol transition/constrained delegation was used, or, in
* the AS-REQ case, if the pre-auth data indicated the PAC should
- * be absent.
+ * be present.
*
* We permit sign_authorization_data() to return a krb5_db_entry
* representing the principal associated with the authorization
@@ -522,7 +522,7 @@
}
if (ad_nprincs != 0) {
- if (tgs_req &&
+ if (isflagset(flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION) &&
isflagset(ad_entry.attributes, KRB5_KDB_DISALLOW_FORWARDABLE))
clear(enc_tkt_reply->flags, TKT_FLG_FORWARDABLE);
More information about the cvs-krb5
mailing list