[krbdev.mit.edu #7871] git commit
Greg Hudson via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Wed Nov 21 00:10:39 EST 2018
Clear forwardable flag instead of denying request
If the client requests a forwardable or proxiable ticket and the
option cannot be honored by policy, issue a non-forwardable or
non-proxiable ticket rather than denying the request.
Add a test script for testing KDC request options and populate it with
tests for the forwardable and proxiable flags.
https://github.com/krb5/krb5/commit/08e948cce2c79a3604066fcf7a64fc527456f83d
Author: Greg Hudson <ghudson at mit.edu>
Commit: 08e948cce2c79a3604066fcf7a64fc527456f83d
Branch: master
src/kdc/do_as_req.c | 19 ++------
src/kdc/do_tgs_req.c | 58 +++++---------------------
src/kdc/kdc_util.c | 82 +++++++++++++++++++++----------------
src/kdc/kdc_util.h | 9 ++--
src/kdc/tgs_policy.c | 8 +---
src/tests/Makefile.in | 1 +
src/tests/gcred.c | 28 +++++++++----
src/tests/t_kdcoptions.py | 100 +++++++++++++++++++++++++++++++++++++++++++++
8 files changed, 190 insertions(+), 115 deletions(-)
More information about the krb5-bugs
mailing list