Skip Menu |
 

From: jaltman@mit.edu
Subject: SVN Commit
When validating a Kerberos 5 principal name, the request
to the KDC should not request forwardable, renewable, or
proxiable options as these may be blocked by policy and
will result in the return of an error.

Always treat the Kerberos 5 principal name as valid
unless the KDC returns an error that clearly indicates that
the principal name does not exist.

Use a MEMORY: ccache for temporary storage instead of an
API: ccache.

Initialize pointer values with NULL instead of 0.

Commit By: jaltman



Revision: 19069
Changed Files:
U trunk/src/windows/identity/plugins/krb5/krb5funcs.c
U trunk/src/windows/identity/plugins/krb5/krb5identpro.c
U trunk/src/windows/identity/plugins/krb5/krb5newcreds.c
From: tlyu@mit.edu
Subject: SVN Commit
pull up r19069 from trunk

r19069@cathode-dark-space: jaltman | 2007-01-18 07:43:58 -0500
ticket: new
subject: NIM Kerberos 5 Provider corrections
tags: pullup
component: windows

When validating a Kerberos 5 principal name, the request
to the KDC should not request forwardable, renewable, or
proxiable options as these may be blocked by policy and
will result in the return of an error.

Always treat the Kerberos 5 principal name as valid
unless the KDC returns an error that clearly indicates that
the principal name does not exist.

Use a MEMORY: ccache for temporary storage instead of an
API: ccache.

Initialize pointer values with NULL instead of 0.



Commit By: tlyu



Revision: 19318
Changed Files:
_U branches/krb5-1-6/
U branches/krb5-1-6/src/windows/identity/plugins/krb5/krb5funcs.c
U branches/krb5-1-6/src/windows/identity/plugins/krb5/krb5identpro.c
U branches/krb5-1-6/src/windows/identity/plugins/krb5/krb5newcreds.c