[krbdev.mit.edu #7790] PoC to fix cross realm S4U2Self
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Wed Feb 4 12:50:57 EST 2015
Microsoft's answer confirmed that an enterprise principal is the most
general way for a server to identify itself when making an S4U2Self
request to another realm's KDC, and expressed an intent to update their
documentation (but they don't seem to have done so yet).
I thought I had previously heard that you had a cleaned-up version of
this patch. If so, you could make a pull request on github.com/krb5 or
send it here. If all you have so far is the PoC patch, we will find
time to clean it up and integrate it some time during the 1.14
development cycle.
More information about the krb5-bugs
mailing list