RT RT/krbdev.mit.edu: Ticket #8649 Allow validation of PACs with enterprise names Signed in as guest.
[Logout]

[Home] [Search] [Configuration]

[Display] [History] [Basics] [Dates] [People] [Links] [Jumbo]

 
 

 The Basics  
Id
8649
Status
resolved
Worked
0 min
Priority
0/0
Queue
krb5
 

 Keyword Selections  
Component
Tags
Version_reported
Version_Fixed
  • 1.16.1
Target_Version
  • 1.16-next
 

 Relationships  
Depends on:
Depended on by:
Parents:
Children:

Refers to:
Referred to by:
 
 Dates  
Created: Wed Mar 14 11:59:09 2018
Starts: Not set
Started: Wed Mar 14 11:59:10 2018
Last Contact: Not set
Due: Not set
Updated: Wed May 2 10:16:07 2018 by ghudson
 

 People  
Owner
 ghudson
Requestors
 ghudson@mit.edu
Cc
 
AdminCc
 
 

 More about Greg Hudson  
Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:
 

History   Display mode: [Brief headers] [Full headers]
      Wed Mar 14 11:59:09 2018  ghudson - Ticket created    
     
From: ghudson@mit.edu
Subject: git commit


Allow validation of PACs with enterprise names

In k5_pac_validate_client(), if we are verifying against an enterprise
principal, parse the PAC_CLIENT_INFO field as an enterprise principal.
This scenario may arise in the response to an S4U2Self request for an
enterprise principal, as the KDC does not appear to canonicalize the
client principal requested in PA-FOR-USER.

[ghudson@mit.edu: rewrote commit message; adjusted style]

https://github.com/krb5/krb5/commit/f876aab80a69f9b934cd7f4e2339e3815aa8c4bf
Author: Isaac Boukris <iboukris@gmail.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: f876aab80a69f9b934cd7f4e2339e3815aa8c4bf
Branch: master
 src/lib/krb5/krb/pac.c |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)


Download (untitled) 749b
      Wed Mar 14 11:59:09 2018  ghudson - Target_Version 1.16-next added    
      Wed Mar 14 11:59:10 2018  ghudson - Tags pullup added    
      Wed Mar 14 11:59:10 2018  ghudson - Requestor ghudson@mit.edu added    
      Wed Mar 14 11:59:10 2018  ghudson - Status changed from new to resolved    
      Wed May  2 01:25:39 2018  ghudson - Version_Fixed 1.16.1 added    
      Wed May  2 01:25:39 2018  ghudson - Correspondence added    
     
From: ghudson@mit.edu
Subject: git commit


Allow validation of PACs with enterprise names

In k5_pac_validate_client(), if we are verifying against an enterprise
principal, parse the PAC_CLIENT_INFO field as an enterprise principal.
This scenario may arise in the response to an S4U2Self request for an
enterprise principal, as the KDC does not appear to canonicalize the
client principal requested in PA-FOR-USER.

[ghudson@mit.edu: rewrote commit message; adjusted style]

(cherry picked from commit f876aab80a69f9b934cd7f4e2339e3815aa8c4bf)

https://github.com/krb5/krb5/commit/dccffae20a818466650f23230294e9c9ee4e0e5a
Author: Isaac Boukris <iboukris@gmail.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: dccffae20a818466650f23230294e9c9ee4e0e5a
Branch: krb5-1.16
 src/lib/krb5/krb/pac.c |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)


Download (untitled) 822b
      Wed May  2 10:16:07 2018  ghudson - Keyword pullup deleted