svn rev #21694: trunk/src/kdc/
hartmans@MIT.EDU
hartmans at MIT.EDU
Sat Jan 3 18:20:36 EST 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=21694
Commit By: hartmans
Log Message:
Remove support for setting a client flag indicating pkinit is used on the db entry.
I'm reasonably sure that this would belong in a pkinit plugin not in do_as_req.c.
Also, the flag should be documented to indicate what it means--client attempted pkinit? Client succeeded in using pkinit?
I also wonder whether you want a mechanism for a db plugin to figure out all the padata or fast factors that a request is using.
Note that this flag will need to be added back by at least one vendor.
Changed Files:
U trunk/src/kdc/do_as_req.c
Modified: trunk/src/kdc/do_as_req.c
===================================================================
--- trunk/src/kdc/do_as_req.c 2009-01-03 23:20:31 UTC (rev 21693)
+++ trunk/src/kdc/do_as_req.c 2009-01-03 23:20:35 UTC (rev 21694)
@@ -508,9 +508,6 @@
goto errout;
}
- if (find_pa_data(reply.padata, KRB5_PADATA_PK_AS_REP))
- c_flags |= KRB5_KDB_FLAG_PKINIT;
-
errcode = handle_authdata(kdc_context,
c_flags,
&client,
More information about the cvs-krb5
mailing list