RT RT/krbdev.mit.edu: Ticket #7694 gsskrb5_extract_authz_data_from_sec_context misses AD-IF-RELEVANT containers Signed in as guest.
[Logout]

[Home] [Search] [Configuration]

[Display] [History] [Basics] [Dates] [People] [Links] [Jumbo]

 
 

 The Basics  
Id
7694
Status
open
Worked
0 min
Priority
0/0
Queue
krb5
 

 Keyword Selections  
Component
Tags
Version_reported
Version_Fixed
Target_Version
 

 Relationships  
Depends on:
Depended on by:
Parents:
Children:

Refers to:
Referred to by:
 
 Dates  
Created: Sun Aug 18 16:04:54 2013
Starts: Not set
Started: Not set
Last Contact: Not set
Due: Not set
Updated: Sun Aug 18 16:04:54 2013 by ghudson
 

 People  
Owner
 Nobody
Requestors
 ghudson@mit.edu
Cc
 
AdminCc
 
 

 More about Greg Hudson  
Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:
 

History   Display mode: [Brief headers] [Full headers]
      Sun Aug 18 16:04:54 2013  ghudson - Ticket created    
     
Subject: gsskrb5_extract_authz_data_from_sec_context misses AD-IF-RELEVANT

gsskrb5_extract_authz_data_from_sec_context was added to make it possible
to get the PAC from a sec context, and is currently the only interface
shared between MIT krb5 and Heimdal for that purpose.  (The current
preferred method, gss_get_name_attribute with the key "urn:mspac:", is not
yet implemented in Heimdal.)

Unfortunately, gsskrb5_extract_authz_data_from_sec_context does not look
inside AD-IF-RELEVANT containers, and PACs are now shipped in those
containers.  So it's mostly useless for the intended purpose.  We should
use krb5_find_authdata to find the authorization data element instead.


Download (untitled) 610b