From: ghudson@mit.edu
Subject: git commit

Add PKINIT client support for freshness token

Send an empty PA_AS_FRESHNESS padata item in unauthenticated AS requests
to indicate support for RFC 8070. If the KDC includes a PA_AS_FRESHNESS
value in its method data, echo it back in the new freshnessToken field of
pkAuthenticator

https://github.com/krb5/krb5/commit/085785362e01467cb25c79a90dcebfba9ea019d8
Author: Greg Hudson
Commit: 085785362e01467cb25c79a90dcebfba9ea019d8
Branch: master

 doc/user/user_commands/kinit.rst          |  3 +++
 src/include/k5-int-pkinit.h               |  1 +
 src/include/krb5/krb5.hin                 |  1 +
 src/lib/krb5/asn.1/asn1_k_encode.c        |  5 ++++-
 src/lib/krb5/krb/get_in_tkt.c             | 12 ++++++++----
 src/lib/krb5/krb/init_creds_ctx.h         |  2 +-
 src/plugins/preauth/pkinit/pkinit.h       |  3 +++
 src/plugins/preauth/pkinit/pkinit_clnt.c  | 19 ++++++++++++++++++-
 src/plugins/preauth/pkinit/pkinit_lib.c   |  3 +++
 src/plugins/preauth/pkinit/pkinit_trace.h |  2 ++
 src/tests/asn.1/ktest.c                   |  4 ++++
 src/tests/asn.1/pkinit_encode.out         |  2 +-
 src/tests/asn.1/pkinit_trval.out          |  1 +
 13 files changed, 50 insertions(+), 8 deletions(-)
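
The client-side flow the commit message describes, as an added example in C that is not code from the krb5 commit. The struct and function names are hypothetical stand-ins for krb5's own types; the padata type numbers are the ones assigned by RFC 4556 and RFC 8070.

```c
#include <stddef.h>
#include <string.h>

#define PA_PK_AS_REQ    16   /* RFC 4556 */
#define PA_AS_FRESHNESS 150  /* RFC 8070 */

/* Hypothetical simplified padata item, not krb5's krb5_pa_data. */
struct padata { int type; const unsigned char *data; size_t len; };

/* Hypothetical stand-in for the pkAuthenticator fields that matter here. */
struct pk_authenticator {
    int has_freshness;               /* is the OPTIONAL field present? */
    const unsigned char *freshness;  /* borrowed from the KDC method data */
    size_t freshness_len;
};

/* Step 1: the unauthenticated AS-REQ advertises RFC 8070 support with an
 * empty PA_AS_FRESHNESS item. Returns the number of items written. */
size_t initial_padata(struct padata *out)
{
    out[0].type = PA_AS_FRESHNESS;
    out[0].data = NULL;
    out[0].len = 0;
    return 1;
}

/* Step 2: find the KDC's PA_AS_FRESHNESS item in its method data, if any. */
const struct padata *find_freshness(const struct padata *md, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (md[i].type == PA_AS_FRESHNESS)
            return &md[i];
    return NULL;
}

/* Step 3: echo the token unchanged into freshnessToken. The field is left
 * out when the KDC sent no PA_AS_FRESHNESS item in its method data. */
void fill_authenticator(struct pk_authenticator *a,
                        const struct padata *md, size_t n)
{
    const struct padata *pa = find_freshness(md, n);
    memset(a, 0, sizeof(*a));
    if (pa == NULL)
        return;
    a->has_freshness = 1;
    a->freshness = pa->data;   /* opaque to the client: copy, never parse */
    a->freshness_len = pa->len;
}
```

The token pointer is borrowed, so the caller has to keep the KDC's method data alive until the authenticator has been encoded.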