Fix authdata signatures for non-TGT AS-REQs PACs (as well as anything wrapped in CAMMAC) should be signed using the local TGT key. Cross-realm TGS requests, ticket renewal and validation requests, and non-TGT AS requests currently do not pass the local TGT DB entry or its key to sign_authdata(), forcing the KDB module to do a redundant lookup in order to properly sign PACs. Rename the existing krbtgt and krbtgt_key parameters to header_server and header_key, to better indicate that they are for the header ticket server. For AS requests, pass NULL for these parameters instead of passing a duplicate of server/server_key. Add local_tgt and local_tgt_key parameters for the realm's local TGT and its first key. [ghudson@mit.edu: rewrote commit message] https://github.com/krb5/krb5/commit/15349afaaedcf1113382a92bd3a34b7cedd0129f Author: Isaac Boukris Committer: Greg Hudson Commit: 15349afaaedcf1113382a92bd3a34b7cedd0129f Branch: master src/include/kdb.h | 30 ++++++++++++++++++------------ src/kdc/kdc_authdata.c | 27 +++++++++------------------ src/lib/kdb/kdb5.c | 14 ++++++++------ src/plugins/kdb/test/kdb_test.c | 7 ++++--- 4 files changed, 39 insertions(+), 39 deletions(-)