From: ghudson@mit.edu
Subject: git commit

Refactor KDC renewable ticket handling

Create a new helper to compute the renewable lifetime for AS and TGS
requests.  This has some minor behavior differences:

* We only issue a renewable ticket if the renewable lifetime is greater
  than the normal ticket lifetime.

* We give RENEWABLE precedence over RENEWABLE-OK in determining the
  requested renewable lifetime, instead of sometimes doing the reverse.

* We use the client's maximum renewable life for TGS requests if we
  have looked up its DB entry.

* Instead of rejecting requests for renewable tickets (if the client or
  server principal doesn't allow it, or a TGS request's TGT isn't
  renewable), issue non-renewable tickets.

https://github.com/krb5/krb5/commit/4f551a7ec126c52ee1f8fea4c3954015b70987bd
Author: Greg Hudson
Commit: 4f551a7ec126c52ee1f8fea4c3954015b70987bd
Branch: master
 src/kdc/do_as_req.c  | 29 ++-------------------
 src/kdc/do_tgs_req.c | 28 +++-----------------
 src/kdc/kdc_util.c   | 56 +++++++++++++++++++++++++++++++++++------
 src/kdc/kdc_util.h   |  5 +++
 src/kdc/tgs_policy.c |  2 +-
 src/tests/t_renew.py | 68 ++++++++++++++++++++++++++++++++++++++++++++++---
 6 files changed, 124 insertions(+), 64 deletions(-)
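
The four rules listed in the commit message, written out as a simplified model. This is an example added here, not the krb5 helper from the commit. All type and function names are hypothetical, and the RENEWABLE-OK fallback to the requested end time (RFC 4120 behaviour), the treatment of an absent renew-till as unlimited, and the cap at the TGT's renew-till time are assumptions not stated in the message.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical simplified types; these are not the krb5 structures. */
typedef int64_t ts_t;
struct princ { bool allow_renewable; ts_t max_renewable_life; };
struct req {
    bool opt_renewable;     /* RENEWABLE KDC option */
    bool opt_renewable_ok;  /* RENEWABLE-OK KDC option */
    ts_t till;              /* requested end time */
    ts_t rtime;             /* requested renew-till, 0 if absent */
};
struct tgt { bool renewable; ts_t renew_till; };

static ts_t min_ts(ts_t a, ts_t b) { return a < b ? a : b; }

/* Return the renew-till time for a ticket valid from starttime to endtime,
 * or 0 for a non-renewable ticket.  tgt is NULL for AS requests; client is
 * NULL when the client DB entry was not looked up (TGS requests). */
ts_t renew_till(const struct req *rq, const struct tgt *tgt,
                const struct princ *client, const struct princ *server,
                ts_t starttime, ts_t endtime)
{
    ts_t rtime, max_rlife;

    /* Disallowed cases yield a non-renewable ticket, not a rejection. */
    if (!server->allow_renewable) return 0;
    if (client != NULL && !client->allow_renewable) return 0;
    if (tgt != NULL && !tgt->renewable) return 0;

    /* RENEWABLE takes precedence over RENEWABLE-OK. */
    if (rq->opt_renewable)
        rtime = rq->rtime ? rq->rtime : INT64_MAX;  /* assumed: absent = no limit */
    else if (rq->opt_renewable_ok && endtime < rq->till)
        rtime = rq->till;                           /* assumed, per RFC 4120 */
    else
        return 0;

    /* Cap by the TGT (assumed) and by the principals' maximum renewable life;
     * the client's limit applies only when its entry is available. */
    if (tgt != NULL) rtime = min_ts(rtime, tgt->renew_till);
    max_rlife = server->max_renewable_life;
    if (client != NULL) max_rlife = min_ts(max_rlife, client->max_renewable_life);
    rtime = min_ts(rtime, starttime + max_rlife);

    /* Renewable only if that outlives the normal ticket lifetime. */
    return rtime > endtime ? rtime : 0;
}
```
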