[krbdev.mit.edu #8763] git commit
Greg Hudson via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Sat Dec 8 22:11:21 EST 2018
Ignore password attributes for S4U2Self requests
For consistency with Windows KDCs, allow protocol transition to work
even if the password has expired or needs changing.
Also, when looking up an enterprise principal with an AS request,
treat ERR_KEY_EXP as confirmation that the client is present in the
realm.
[ghudson at mit.edu: added comment in kdc_process_s4u2self_req(); edited
commit message]
https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086
Author: Isaac Boukris <iboukris at gmail.com>
Committer: Greg Hudson <ghudson at mit.edu>
Commit: 5e6d1796106df8ba6bc1973ee0917c170d929086
Branch: master
src/kdc/kdc_util.c | 5 +++++
src/lib/krb5/krb/s4u_creds.c | 2 +-
src/tests/gssapi/t_s4u.py | 8 ++++++++
3 files changed, 14 insertions(+), 1 deletions(-)
More information about the krb5-bugs
mailing list