krb5 commit: Include etype-info in for hardware preauth hints
Greg Hudson
ghudson at mit.edu
Mon Jan 8 12:39:50 EST 2018
https://github.com/krb5/krb5/commit/ba92da05accc524b8037453b63ced1a6c65fd2a1
commit ba92da05accc524b8037453b63ced1a6c65fd2a1
Author: Greg Hudson <ghudson at mit.edu>
Date: Wed Jan 3 11:59:14 2018 -0500
Include etype-info in for hardware preauth hints
If a principal has the requires_hwauth bit set, include PA-ETYPE-INFO
or PA-ETYPE-INFO2 padata in the PREAUTH_REQUIRED error, as preauth
mechs involving hardware tokens may also use the principal's Kerberos
password.
ticket: 8629
src/kdc/kdc_preauth.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index 81d0b8c..739c5e7 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -144,7 +144,7 @@ static preauth_system static_preauth_systems[] = {
{
"etype-info",
KRB5_PADATA_ETYPE_INFO,
- 0,
+ PA_HARDWARE,
NULL,
NULL,
NULL,
@@ -155,7 +155,7 @@ static preauth_system static_preauth_systems[] = {
{
"etype-info2",
KRB5_PADATA_ETYPE_INFO2,
- 0,
+ PA_HARDWARE,
NULL,
NULL,
NULL,
More information about the cvs-krb5
mailing list