[krbdev.mit.edu #7661] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Fri Jun 7 00:47:00 EDT 2013
Refactor KDC renewable ticket handling
Create a new helper to compute the renewable lifetime for AS and TGS
requests. This has some minor behavior differences:
* We only issue a renewable ticket if the renewable lifetime is greater
than the normal ticket lifetime.
* We give RENEWABLE precedence over RENEWABLE-OK in determining the
requested renewable lifetime, instead of sometimes doing the
reverse.
* We use the client's maximum renewable life for TGS requests if we
have looked up its DB entry.
* Instead of rejecting requests for renewable tickets (if the client
or server principal doesn't allow it, or a TGS request's TGT isn't
renewable), issue non-renewable tickets.
https://github.com/krb5/krb5/commit/4f551a7ec126c52ee1f8fea4c3954015b70987bd
Author: Greg Hudson <ghudson at mit.edu>
Commit: 4f551a7ec126c52ee1f8fea4c3954015b70987bd
Branch: master
src/kdc/do_as_req.c | 29 ++-------------------
src/kdc/do_tgs_req.c | 28 +++-----------------
src/kdc/kdc_util.c | 56 +++++++++++++++++++++++++++++++++++------
src/kdc/kdc_util.h | 5 +++
src/kdc/tgs_policy.c | 2 +-
src/tests/t_renew.py | 68 ++++++++++++++++++++++++++++++++++++++++++++++---
6 files changed, 124 insertions(+), 64 deletions(-)
More information about the krb5-bugs
mailing list