[krbdev.mit.edu #1624] SVN Commit

Tom Yu via RT rt-comment at krbdev.mit.edu
Wed Apr 15 16:07:16 EDT 2009 

pull up r22154, r22159, r22160 from trunk

 ------------------------------------------------------------------------
 r22160 | hartmans | 2009-04-02 23:33:01 -0400 (Thu, 02 Apr 2009) | 12 lines
 Changed paths:
    M /trunk/doc/admin.texinfo
    M /trunk/src/appl/bsd/kcmd.c
    M /trunk/src/config-files/krb5.conf.M
    M /trunk/src/lib/krb5/krb/init_ctx.c
    M /trunk/src/lib/krb5/krb/mk_req_ext.c

 ticket: 1624

 Unfortunately, pre-1.7 krshd fails to support keyed checksums because
 it uses the wrong API and wrong key usage.  So, if the auth_context
 has an explicit checksum type set, then respect that.  kcmd sets such
 a checksum type.  Also, because other applications may have the same
 problem, allow the config file variable if set to override the default
 checksum.

 * kcmd.c: Force use of rsa_md5
 * init_ctx.c: do not default  to md5
 * mk_req_ext.c: allow auth_context to override
 ------------------------------------------------------------------------
 r22159 | tlyu | 2009-04-02 19:30:28 -0400 (Thu, 02 Apr 2009) | 3 lines
 Changed paths:
    M /trunk/src/appl/bsd/krlogind.c
    M /trunk/src/appl/bsd/krshd.c

 ticket: 1624

 Fix krshd and krlogind to use krb5_c_verify_checksum.
 ------------------------------------------------------------------------
 r22154 | hartmans | 2009-04-01 14:25:02 -0400 (Wed, 01 Apr 2009) | 8 lines
 Changed paths:
    M /trunk/doc/admin.texinfo
    M /trunk/src/config-files/krb5.conf.M
    M /trunk/src/lib/krb5/krb/mk_req_ext.c
    M /trunk/src/lib/krb5/krb/send_tgs.c

 ticket: 1624
 Target_version: 1.7
 tags: pullup

 Use the preferred checksum for non-DES keys in the kdc_req path and
 all the time in the ap_req checksum path.  This breaks code to support
 DCE versions prior to 1.1 but uses the correct checksum for protocol
 compatibility.

http://src.mit.edu/fisheye/changelog/krb5/?cs=22243
Commit By: tlyu
Revision: 22243
Changed Files:
U   branches/krb5-1-7/doc/admin.texinfo
U   branches/krb5-1-7/src/appl/bsd/kcmd.c
U   branches/krb5-1-7/src/appl/bsd/krlogind.c
U   branches/krb5-1-7/src/appl/bsd/krshd.c
U   branches/krb5-1-7/src/config-files/krb5.conf.M
U   branches/krb5-1-7/src/lib/krb5/krb/init_ctx.c
U   branches/krb5-1-7/src/lib/krb5/krb/mk_req_ext.c
U   branches/krb5-1-7/src/lib/krb5/krb/send_tgs.c

More information about the krb5-bugs mailing list