Skip Menu |

Subject: SVN Commit
Pkinit's verification of the KDC SAN requires that the certificate
have a SAN for the server principal. That's not correct according to
RFC 4556. The KDC should have a SAN for the TGS principal; that's
independent of whether the TGS principal is actually the server.

Fix to build the TGS principal explicitly.
Commit By: hartmans
Revision: 23504
Changed Files:
U branches/anonymous/src/plugins/preauth/pkinit/pkinit_clnt.c