[krbdev.mit.edu #7109] SVN Commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Mon Apr 2 13:49:59 EDT 2012
Make cross-TGT key rollover work from AD to MIT
Active Directory always issues cross-realm tickets without a kvno,
which we see as kvno 0. When we see that, try the highest kvno (as we
already do) and then a few preceding kvnos so that key rollover of the
AD->MIT cross TGT can work.
Add new helpers kdc_rd_ap_req, which takes the place of a couple of
steps from kdc_process_tgs_req, and find_server_key, which takes the
place of some of the end steps of kdc_get_server_key.
Code changes by Nicolas Williams. Test cases by me.
http://src.mit.edu/fisheye/changelog/krb5/?cs=25799
Commit By: ghudson
Revision: 25799
Changed Files:
U trunk/src/kdc/kdc_util.c
U trunk/src/tests/t_keyrollover.py
More information about the krb5-bugs
mailing list