[krbdev.mit.edu #6839] SVN Commit
Tom Yu via RT
rt-comment at krbdev.mit.edu
Thu Dec 9 20:06:27 EST 2010
target_version 1.9
tags: pullup
Apple Mac OS X Server's Open Directory KDC issues MS PAC like
authorization data that lacks a server checksum. If this checksum is
missing, mark the PAC as unverfied, but allow
krb5int_authdata_verify() to succeed. Filter out the unverified PAC
in subsequent calls to krb5_authdata_get_attribute(). Add trace
points to indicate where this behavior occurs.
Thanks to Helmut Grohne for help with analysis. This bug is also
Debian Bug #604925:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604925
This change should also get backported to krb5-1.8.x.
http://src.mit.edu/fisheye/changelog/krb5/?cs=24564
Commit By: tlyu
Revision: 24564
Changed Files:
U trunk/src/include/k5-trace.h
U trunk/src/lib/krb5/krb/pac.c
More information about the krb5-bugs
mailing list