[krbdev.mit.edu #7698] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Wed Aug 28 13:51:31 EDT 2013
Fix KDC reply service principal for aliases
If a client requests a service ticket for the alias of a service
principal, RFC 6806 section 6 requires that the KDC issue a ticket
which appears to be for the alias and not for the canonical name.
After calling search_sprinc(), only replace request->server with
server->princ if the latter is a TGT; this will be the case for an
alternate cross-realm TGT or a host referral, but not for a simple
service alias.
https://github.com/krb5/krb5/commit/24a29f8c0f9f78f96e3795410e202b139fce6236
Author: Greg Hudson <ghudson at mit.edu>
Commit: 24a29f8c0f9f78f96e3795410e202b139fce6236
Branch: master
src/kdc/do_tgs_req.c | 23 +++++++++++++++--------
1 files changed, 15 insertions(+), 8 deletions(-)
More information about the krb5-bugs
mailing list