Baseline authz data criticality in MIT krb5?
hartmans at MIT.EDU
Mon Feb 18 16:42:00 EST 2002
>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at ubsw.com> writes:
Nicolas> From what I can see there is no check for critical
Nicolas> authorization data in the baseline rd_req() functions in
Nicolas> the MIT krb5 distro. There ought to be. This means adding
Nicolas> code to check for AD-IF-RELEVANT and friends at the very
Nicolas> least and causing rd_req() to return an error if any
Nicolas> critical authz data elements are present that are also
Nicolas> not understood by MIT krb5.
Yeah, didn't we talk about this Tuesday in the SIPB office?
More information about the krbdev