Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
From: ghudson@mit.edu
Subject: git commit
RT-Send-CC:
X-RT-Original-Encoding: iso-8859-1
Content-Length: 694


Enforce auth indicator restrictions in KDC

If the string attribute "require_auth" is set on a the server
principal of an AS or TGS request, deny the request unless one of the
named indicators is present was asserted for the client's initial
authentication.

https://github.com/krb5/krb5/commit/24dc279b9b14fe8d6674fdd2a9210c1e1fb52e37
Author: Greg Hudson <ghudson@mit.edu>
Commit: 24dc279b9b14fe8d6674fdd2a9210c1e1fb52e37
Branch: master
 src/include/kdb.h    |    1 +
 src/kdc/do_as_req.c  |    7 +++++++
 src/kdc/do_tgs_req.c |    6 ++++++
 src/kdc/kdc_util.c   |   36 ++++++++++++++++++++++++++++++++++++
 src/kdc/kdc_util.h   |    4 ++++
 5 files changed, 54 insertions(+), 0 deletions(-)