Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
From: ghudson@mit.edu
Subject: git commit
RT-Send-CC:
X-RT-Original-Encoding: iso-8859-1
Content-Length: 702


Avoid draft 9 fallback after PKINIT failure

If a KDC offers both RFC 4556 and draft 9 PKINIT, and we experience a
client-side failure trying RFC 4556 PKINIT (e.g. due to the user
entering the wrong PKCS #11 PIN), do not try to use draft 9 PKINIT.

https://github.com/krb5/krb5/commit/0963fa5f0d01d81d3c4088088b94c455f033e921
Author: Greg Hudson <ghudson@mit.edu>
Commit: 0963fa5f0d01d81d3c4088088b94c455f033e921
Branch: master
 src/plugins/preauth/pkinit/pkinit.h       |    1 +
 src/plugins/preauth/pkinit/pkinit_clnt.c  |    7 +++++++
 src/plugins/preauth/pkinit/pkinit_trace.h |    2 ++
 src/tests/t_pkinit.py                     |    8 ++++++++
 4 files changed, 18 insertions(+), 0 deletions(-)