[krbdev.mit.edu #8870] git commit
Greg Hudson via RT
rt at KRBDEV-PROD-APP-1.mit.edu
Mon Jan 27 11:06:04 EST 2020
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8870 >
Honor transited-policy-checked flag in servers
For consistency with Heimdal and simplicity of server configuration,
do not check the transited field in krb5_rd_req() if the
transited-policy-checked flag is set in the ticket.
Add a cross-realm test using the gcred and rdreq harnesses to test
server transited processing. Also fix the KDC capaths case so that
the client actually doesn't know the path to the server realm. In
k5test.py, adjust _cfg_merge() to remove keys mapped to None in the
second dictionary (instead of mapping them to None in the result), so
that deleting whole sections works. Remove the corresponding check
for None in _write_cfg_section() as it is no longer needed.
(cherry picked from commit a5aa5969bc6ed404b86318b47c38dfc3d3aeb8df)
https://github.com/krb5/krb5/commit/4c091ce4b14a418ec027bd1b61cafe25f259cc85
Author: Greg Hudson <ghudson at mit.edu>
Commit: 4c091ce4b14a418ec027bd1b61cafe25f259cc85
Branch: krb5-1.18
src/lib/krb5/krb/rd_req_dec.c | 11 ++++++---
src/tests/gcred.c | 10 +++++++-
src/tests/t_crossrealm.py | 43 +++++++++++++++++++++++++++++++++++-----
src/util/k5test.py | 6 +++-
4 files changed, 56 insertions(+), 14 deletions(-)
More information about the krb5-bugs
mailing list