krb5 commit: Use the canonical client principal name for OTP
Greg Hudson
ghudson at mit.edu
Thu Apr 6 12:12:04 EDT 2017
https://github.com/krb5/krb5/commit/6411398e35e343cdc4d2d103b079c4d3b9031f7e
commit 6411398e35e343cdc4d2d103b079c4d3b9031f7e
Author: Matt Rogers <mrogers at redhat.com>
Date: Wed Apr 5 16:48:55 2017 -0400
Use the canonical client principal name for OTP
In the OTP module, when constructing the RADIUS request, use the
canonicalized client principal (using the new client_name kdcpreauth
callback) instead of the request client principal.
ticket: 8571 (new)
src/plugins/preauth/otp/main.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/plugins/preauth/otp/main.c b/src/plugins/preauth/otp/main.c
index 2649e9a..a1b6816 100644
--- a/src/plugins/preauth/otp/main.c
+++ b/src/plugins/preauth/otp/main.c
@@ -331,7 +331,8 @@ otp_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request,
/* Send the request. */
otp_state_verify((otp_state *)moddata, cb->event_context(context, rock),
- request->client, config, req, on_response, rs);
+ cb->client_name(context, rock), config, req, on_response,
+ rs);
cb->free_string(context, rock, config);
k5_free_pa_otp_req(context, req);
More information about the cvs-krb5
mailing list