[krbdev.mit.edu #8648] git commit
Greg Hudson via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Mon Mar 19 17:12:20 EDT 2018
Add PKINIT client support for freshness token
Send an empty PA_AS_FRESHNESS padata item in unauthenticated AS
requests to indicate support for RFC 8070. If the KDC includes a
PA_AS_FRESHNESS value in its method data, echo it back in the new
freshnessToken field of pkAuthenticator
https://github.com/krb5/krb5/commit/085785362e01467cb25c79a90dcebfba9ea019d8
Author: Greg Hudson <ghudson at mit.edu>
Commit: 085785362e01467cb25c79a90dcebfba9ea019d8
Branch: master
doc/user/user_commands/kinit.rst | 3 +++
src/include/k5-int-pkinit.h | 1 +
src/include/krb5/krb5.hin | 1 +
src/lib/krb5/asn.1/asn1_k_encode.c | 5 ++++-
src/lib/krb5/krb/get_in_tkt.c | 12 ++++++++----
src/lib/krb5/krb/init_creds_ctx.h | 2 +-
src/plugins/preauth/pkinit/pkinit.h | 3 +++
src/plugins/preauth/pkinit/pkinit_clnt.c | 19 ++++++++++++++++++-
src/plugins/preauth/pkinit/pkinit_lib.c | 3 +++
src/plugins/preauth/pkinit/pkinit_trace.h | 2 ++
src/tests/asn.1/ktest.c | 4 ++++
src/tests/asn.1/pkinit_encode.out | 2 +-
src/tests/asn.1/pkinit_trval.out | 1 +
13 files changed, 50 insertions(+), 8 deletions(-)
More information about the krb5-bugs
mailing list