[krbdev.mit.edu #7933] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Fri Jun 13 00:41:54 EDT 2014
Remove pkinit_win2k_require_binding option
When constructing a draft9 PKINIT request, always include
KRB5_PADATA_AS_CHECKSUM padata to ask for an RFC 4556 ReplyKeyPack.
Do not accept a draft9 ReplyKeyPack in the KDC response.
For now, retain the krb5_reply_key_pack_draft9 ASN.1 codec and the KDC
support for generating a draft9 ReplyKeyPack when a draft9 PKINIT
request does not contain KRB5_PADATA_AS_CHECKSUM.
https://github.com/krb5/krb5/commit/823bad7f3f314647feb14284bc36fa231c9c7875
Author: Greg Hudson <ghudson at mit.edu>
Commit: 823bad7f3f314647feb14284bc36fa231c9c7875
Branch: master
doc/admin/conf_files/krb5_conf.rst | 5 ----
src/plugins/preauth/pkinit/pkinit.h | 2 -
src/plugins/preauth/pkinit/pkinit_clnt.c | 38 +++--------------------------
src/plugins/preauth/pkinit/pkinit_lib.c | 1 -
4 files changed, 4 insertions(+), 42 deletions(-)
More information about the krb5-bugs
mailing list