Subject: | KDC rejects unknown flags |
The MIT KDC (as of 1.2.6) rejects AS_REQs with unknown flags. The
specific code is in kdc/kdc_util.c:validate_as_request():
#define AS_OPTIONS_HANDLED (KDC_OPT_FORWARDABLE | KDC_OPT_PROXIABLE | \
KDC_OPT_ALLOW_POSTDATE | KDC_OPT_POSTDATED
| \
KDC_OPT_RENEWABLE | KDC_OPT_RENEWABLE_OK)
[...]
/*
* If an illegal option is set, complain.
*/
if (request->kdc_options & ~(AS_OPTIONS_HANDLED)) {
*status = "INVALID AS OPTIONS";
return KDC_ERR_BADOPTION;
}
Probably the right solution is to remove these fragments.
specific code is in kdc/kdc_util.c:validate_as_request():
#define AS_OPTIONS_HANDLED (KDC_OPT_FORWARDABLE | KDC_OPT_PROXIABLE | \
KDC_OPT_ALLOW_POSTDATE | KDC_OPT_POSTDATED
| \
KDC_OPT_RENEWABLE | KDC_OPT_RENEWABLE_OK)
[...]
/*
* If an illegal option is set, complain.
*/
if (request->kdc_options & ~(AS_OPTIONS_HANDLED)) {
*status = "INVALID AS OPTIONS";
return KDC_ERR_BADOPTION;
}
Probably the right solution is to remove these fragments.