svn rev #22146: branches/fast/src/kdc/

hartmans@MIT.EDU hartmans at MIT.EDU
Thu Mar 26 01:37:45 EDT 2009


http://src.mit.edu/fisheye/changelog/krb5/?cs=22146
Commit By: hartmans
Log Message:
When FAST is enabled, do not use encrypted timestamp
pre-authentication.  FAST mandates encrypted challenge.  Encrypted
timestamp ends up using the raw client key in the AS reply.  Also, if
encrypted timestamp is enabled, it is preferred to any plugin.


Changed Files:
U   branches/fast/src/kdc/kdc_preauth.c
Modified: branches/fast/src/kdc/kdc_preauth.c
===================================================================
--- branches/fast/src/kdc/kdc_preauth.c	2009-03-26 05:37:41 UTC (rev 22145)
+++ branches/fast/src/kdc/kdc_preauth.c	2009-03-26 05:37:45 UTC (rev 22146)
@@ -133,6 +133,12 @@
 		    krb5_data **e_data,
 		    krb5_authdata ***authz_data);
 
+static krb5_error_code get_enc_ts
+    (krb5_context, krb5_kdc_req *request,
+		    krb5_db_entry *client, krb5_db_entry *server,
+		    preauth_get_entry_data_proc get_entry_data,
+		    void *pa_system_context,
+		    krb5_pa_data *data);
 static krb5_error_code get_etype_info
     (krb5_context, krb5_kdc_req *request,
 		    krb5_db_entry *client, krb5_db_entry *server,
@@ -279,7 +285,7 @@
 	NULL,
 	NULL,
 	NULL,
-        0,
+        get_enc_ts,
 	verify_enc_timestamp,
 	0
     },
@@ -1365,7 +1371,20 @@
     return 0;
 }
 
-
+static krb5_error_code get_enc_ts
+    (krb5_context context, krb5_kdc_req *request,
+		    krb5_db_entry *client, krb5_db_entry *server,
+		    preauth_get_entry_data_proc get_entry_data_proc,
+		    void *pa_system_context,
+		    krb5_pa_data *data)
+{
+  struct kdc_request_state *state = request->kdc_state;
+  if (state->armor_key)
+    return ENOENT;
+  return 0;
+}
+  
+  
 static krb5_error_code
 verify_enc_timestamp(krb5_context context, krb5_db_entry *client,
 		     krb5_data *req_pkt,
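Review bot: get_enc_ts only withholds the encrypted-timestamp hint when `state->armor_key` is set, while `verify_enc_timestamp` stays registered in the same table entry, so an armored request that still carries encrypted-timestamp padata would presumably still be verified unless the verify path checks for armor elsewhere; that is not visible here, since verify_enc_timestamp begins at the end of this hunk and its body continues outside it. Because the log message says encrypted timestamp ends up using the raw client key in the AS reply, the same `armor_key` test belongs at the top of verify_enc_timestamp, so such a request is rejected rather than merely not advertised. The new function also dereferences `request->kdc_state` unchecked; if any caller can reach it before the state is attached, `if (state != NULL && state->armor_key != NULL) return ENOENT;` is the safer form. A comment above the check, such as `/* Armored (FAST) request: do not offer encrypted timestamp; encrypted challenge is mandated instead. */`, would record why ENOENT is returned.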



