[krbdev.mit.edu #7027] SVN Commit
Tom Yu via RT
rt-comment at krbdev.mit.edu
Mon Dec 5 18:12:04 EST 2011
pull up r25486 from trunk
------------------------------------------------------------------------
r25486 | hartmans | 2011-11-22 20:00:27 -0500 (Tue, 22 Nov 2011) | 14 lines
ticket: new
subject: FAST PKINIT
target_version: 1.10
tags: pullup
Per RFC 6113 fast should use the inner request body for the pkinit
checksum. We did that on the KDC; now do so on the client. Remove
code that explicitly blocked pkinit under FAST.
Also, use the reply key *before* the strengthen key is applied when
verifying the PADATA_PKINIT_KX.
Add FAST pkinit test.
http://src.mit.edu/fisheye/changelog/krb5/?cs=25516
Commit By: tlyu
Revision: 25516
Changed Files:
U branches/krb5-1-10/src/lib/krb5/krb/fast.c
U branches/krb5-1-10/src/lib/krb5/krb/get_in_tkt.c
U branches/krb5-1-10/src/lib/krb5/krb/init_creds_ctx.h
U branches/krb5-1-10/src/plugins/preauth/pkinit/pkinit_clnt.c
U branches/krb5-1-10/src/plugins/preauth/pkinit/pkinit_srv.c
U branches/krb5-1-10/src/tests/t_anonpkinit.py
More information about the krb5-bugs
mailing list