RT RT/krbdev.mit.edu: Ticket #8763 Ignore password attributes for S4U2Self requests Signed in as guest.
[Logout]

[Home] [Search] [Configuration]

[Display] [History] [Basics] [Dates] [People] [Links] [Jumbo]

 
 

 The Basics  
Id
8763
Status
resolved
Worked
0 min
Priority
0/0
Queue
krb5
 

 Keyword Selections  
Component
Tags
Version_reported
Version_Fixed
  • 1.17
Target_Version
  • 1.17
 

 Relationships  
Depends on:
Depended on by:
Parents:
Children:

Refers to:
Referred to by:
 
 Dates  
Created: Sat Dec 8 22:11:21 2018
Starts: Not set
Started: Sat Dec 8 22:11:21 2018
Last Contact: Not set
Due: Not set
Updated: Mon Jan 7 11:30:57 2019 by ghudson
 

 People  
Owner
 ghudson
Requestors
 ghudson@mit.edu
Cc
 
AdminCc
 
 

 More about Greg Hudson  
Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:
 

History   Display mode: [Brief headers] [Full headers]
      Sat Dec  8 22:11:21 2018  ghudson - Ticket created    
     
From: ghudson@mit.edu
Subject: git commit


Ignore password attributes for S4U2Self requests

For consistency with Windows KDCs, allow protocol transition to work
even if the password has expired or needs changing.

Also, when looking up an enterprise principal with an AS request,
treat ERR_KEY_EXP as confirmation that the client is present in the
realm.

[ghudson@mit.edu: added comment in kdc_process_s4u2self_req(); edited
commit message]

https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086
Author: Isaac Boukris <iboukris@gmail.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 5e6d1796106df8ba6bc1973ee0917c170d929086
Branch: master
 src/kdc/kdc_util.c           |    5 +++++
 src/lib/krb5/krb/s4u_creds.c |    2 +-
 src/tests/gssapi/t_s4u.py    |    8 ++++++++
 3 files changed, 14 insertions(+), 1 deletions(-)


Download (untitled) 807b
      Sat Dec  8 22:11:21 2018  ghudson - Requestor ghudson@mit.edu added    
      Sat Dec  8 22:11:21 2018  ghudson - Target_Version 1.17 added    
      Sat Dec  8 22:11:21 2018  ghudson - Status changed from new to resolved    
      Sat Dec  8 22:11:21 2018  ghudson - Tags pullup added    
      Mon Jan  7 11:19:16 2019  ghudson - Version_Fixed 1.17 added    
      Mon Jan  7 11:19:16 2019  ghudson - Correspondence added    
     
From: ghudson@mit.edu
Subject: git commit


Ignore password attributes for S4U2Self requests

For consistency with Windows KDCs, allow protocol transition to work
even if the password has expired or needs changing.

Also, when looking up an enterprise principal with an AS request,
treat ERR_KEY_EXP as confirmation that the client is present in the
realm.

[ghudson@mit.edu: added comment in kdc_process_s4u2self_req(); edited
commit message]

(cherry picked from commit 5e6d1796106df8ba6bc1973ee0917c170d929086)

https://github.com/krb5/krb5/commit/18f64cd1dea7d213fd9d337bdb831eca2a86d2fa
Author: Isaac Boukris <iboukris@gmail.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 18f64cd1dea7d213fd9d337bdb831eca2a86d2fa
Branch: krb5-1.17
 src/kdc/kdc_util.c           |    5 +++++
 src/lib/krb5/krb/s4u_creds.c |    2 +-
 src/tests/gssapi/t_s4u.py    |    8 ++++++++
 3 files changed, 14 insertions(+), 1 deletions(-)


Download (untitled) 880b
      Mon Jan  7 11:30:57 2019  ghudson - Keyword pullup deleted