Skip Menu |
 

Subject: updated CFX spec: no unknown token ids; extensions after KRB-CRED
Looks like the CFX spec is changing. The unknown token id support
(including the returned CONTINUE_NEEDED status and KRB-ERROR token) is
likely to be going away, and in its place, the so-called "checksum" in
the AP-REQ will have an extension field after the Flags or Delegation
fields, which a plain CFX (i.e., not newer than CFX) server must ignore.
From: raeburn@mit.edu
Subject: CVS Commit
* init_sec_context.c: Include auth_con.h if CFX_EXERCISE is defined.
(make_gss_checksum) [CFX_EXERCISE]: If the key enctype is aes256, insert some
stuff after the delegation slot.
(new_connection) [CFX_EXERCISE]: Don't send messages with bogus token ids.

* accept_sec_context.c (krb5_gss_accept_sec_context): Don't discard the
delegation flag; only look for a delegation if the flag is set, and only look
for delegation, not other options. Ignore any other data there.


To generate a diff of this commit:



cvs diff -r1.233 -r1.234 krb5/src/lib/gssapi/krb5/ChangeLog
cvs diff -r1.82 -r1.83
krb5/src/lib/gssapi/krb5/accept_sec_context.c
cvs diff -r1.74 -r1.75 krb5/src/lib/gssapi/krb5/init_sec_context.c
From: tlyu@mit.edu
Subject: CVS Commit
pullup from trunk


To generate a diff of this commit:



cvs diff -r1.218.2.12 -r1.218.2.13
krb5/src/lib/gssapi/krb5/ChangeLog
cvs diff -r1.77.2.5 -r1.77.2.6
krb5/src/lib/gssapi/krb5/accept_sec_context.c
cvs diff -r1.66.2.7 -r1.66.2.8
krb5/src/lib/gssapi/krb5/init_sec_context.c