RT/krbdev.mit.edu: Ticket #7120 Use correct name-type in TGS-REQs for 2008R2 RODCs

RT/krbdev.mit.edu: Ticket #7120 Use correct name-type in TGS-REQs for 2008R2 RODCs

Signed in as guest.
[Logout]

[Home]

[Search]

[Configuration]

[Display]

[History]

[Basics]

[Dates]

[People]

[Links]

[Jumbo]

The Basics

Id
7120

Status
resolved

Worked
0 min

Priority
0/0

Queue
krb5

Keyword Selections

Component
Version_reported
Version_Fixed	1.10.2
Target_Version	1.10.2
Tags	pullup

Relationships

Depends on:

Depended on by:

Parents:

Children:

Refers to:

Referred to by:

7142: (tlyu) Use correct name-type in TGS-REQs for 2008R2 RODCs [resolved]
7176: (tlyu) Use correct name-type in TGS-REQs for 2008R2 RODCs [resolved]

Dates

Created:	Fri Apr 27 18:40:22 2012
Starts:	Not set
Started:	Fri Apr 27 18:40:22 2012
Last Contact:	Not set
Due:	Not set
Updated:	Tue May 15 18:27:14 2012 by tlyu

People

Owner
tlyu
Requestors
tlyu@mit.edu
Cc

AdminCc

More about Tom Yu

Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:

6204: meta-ticket for tracking Apple patches (open)
1149: KDC client lockout for DISALLOW_ALL_TIX or expiration (new)
1247: rpc unit tests need real synchronization (open)
1348: sketchy uses of longjmp in util/ss/listen.c (new)
1479: kdc.conf should allow KDC directory re-homing (new)
1685: consider calling remove_error_table() in krb5_free_context() (new)
2644: fakeka.c should use life_to_time/time_to_life (new)
2934: document shared lib build requirements (new)
2937: GSSAPI authorization data export (open)
2938: support 64-bit Windows (open)
3775: krb5_gss_accept_sec_context should handle inconsistent mutual auth requests (open)
4740: cccursor backend for MSLSA (new)
5531: SPNEGO acc_ctx_call_acc should only call gssint_get_mech_type for 1st token (new)
5627: handle off-path TGT referrals in krb5_get_cred_from_kdc() [rdar 3679887] (open)
6034: rework gic_opt_ext to be more portable (open)
6205: IP_RECVDSTADDR support for kpasswd server (open)
6212: Apple patch for Common Crypto (new)
6213: Apple patch to use pidfile (FreeBSD) for daemons (new)
6228: Apple patch: KDC notify password server (new)
6229: Apple-specific manpage pathname fixes (new)
6230: Apple Seatbelt support for kadmind and KDC (new)
6232: Apple manpage fix to delete reference to Kerberos.app (new)
6233: Apple patch to instal newsyslog config (new)
6234: Apple config file support for password server (new)
6235: install target for KerberosLite (new)

History

Display mode: [Brief headers] [Full headers]

Fri Apr 27 18:40:22 2012	tlyu - Ticket created
From: tlyu@mit.edu Subject: SVN Commit Use correct name-type in TGS-REQs for 2008R2 RODCs Correctly set the name-type for the TGS principals to KRB5_NT_SRV_INST in TGS-REQs. (Previously, only AS-REQs had the name-type set in this way.) Windows Server 2008 R2 read-only domain controllers (RODCs) insist on having the correct name-type for the TGS principal in TGS-REQs as well as AS-REQs, at least for the TGT-forwarding case. Thanks to Sebastian Galiano for reporting this bug and helping with testing. http://src.mit.edu/fisheye/changelog/krb5/?cs=25839 Commit By: tlyu Revision: 25839 Changed Files: U trunk/src/lib/krb5/krb/fwd_tgt.c U trunk/src/lib/krb5/krb/tgtname.c		Download (untitled) 643b
Fri Apr 27 18:40:22 2012	tlyu - Requestor tlyu@mit.edu added
Fri Apr 27 18:40:22 2012	tlyu - Status changed from new to review
Fri Apr 27 18:40:22 2012	tlyu - Tags pullup added
Fri Apr 27 18:44:33 2012	tlyu - Subject changed from [no subject] to Use correct name-type in TGS-REQs for 2008R2 RODCs
Fri Apr 27 18:45:13 2012	tlyu - Target_Version 1.10.2 added
Tue May 15 18:27:14 2012	tlyu - Status changed from review to resolved
Tue May 15 18:27:14 2012	tlyu - Version_Fixed 1.10.2 added
Tue May 15 18:27:14 2012	tlyu - Correspondence added
From: tlyu@mit.edu Subject: SVN Commit Use correct name-type in TGS-REQs for 2008R2 RODCs Correctly set the name-type for the TGS principals to KRB5_NT_SRV_INST in TGS-REQs. (Previously, only AS-REQs had the name-type set in this way.) Windows Server 2008 R2 read-only domain controllers (RODCs) insist on having the correct name-type for the TGS principal in TGS-REQs as well as AS-REQs, at least for the TGT-forwarding case. Thanks to Sebastian Galiano for reporting this bug and helping with testing. (cherry picked from commit 5994d8928b8ff88751b14bc60c7d7bfce8b30e57) https://github.com/krb5/krb5/commit/7a9927270463a213f4af84462743315dcffd71d1 Author: Tom Yu <tlyu@mit.edu> Commit: 7a9927270463a213f4af84462743315dcffd71d1 src/lib/krb5/krb/fwd_tgt.c \| 12 ++++-------- src/lib/krb5/krb/tgtname.c \| 19 +++++++++++++++---- 2 files changed, 19 insertions(+), 12 deletions(-)		Download (untitled) 852b