[krbdev.mit.edu #7027] FAST PKINIT

Tom Yu via RT rt-comment at krbdev.mit.edu
Mon Nov 28 14:04:47 EST 2011

Previous message: [krbdev.mit.edu #7026] SVN Commit
Next message: [krbdev.mit.edu #7028] libgssapi_krb5.so.2.2 crashes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Per RFC 6113 fast should use the inner request body for the pkinit
checksum. We did that on the KDC; now do so on the client.  Remove
code that explicitly blocked pkinit under FAST.

Also, use the reply key *before* the strengthen key is applied when
verifying the PADATA_PKINIT_KX.

Add FAST pkinit test.


http://src.mit.edu/fisheye/changelog/krb5/?cs=25486

Previous message: [krbdev.mit.edu #7026] SVN Commit
Next message: [krbdev.mit.edu #7028] libgssapi_krb5.so.2.2 crashes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the krb5-bugs mailing list