From: hartmans@mit.edu
Subject: SVN Commit
Pkinit's verification of the KDC SAN requires that the certificate
have a SAN for the server principal. That's not correct according to
RFC 4556. The KDC should have a SAN for the TGS principal; that's
independent of whether the TGS principal is actually the server.

Fix to build the TGS principal explicitly.

https://github.com/krb5/krb5/commit/e95ea8f8428041134a835890033d1eef8dca2a06
Commit By: hartmans
Revision: 23504
Changed Files:
U branches/anonymous/src/plugins/preauth/pkinit/pkinit_clnt.c
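
The difference between the two checks described in the commit message, as an added example that is not code from the commit or from krb5. `struct princ`, the function names and the sample principals are hypothetical and constructed for illustration, and taking the realm from the requested server principal is an assumption of this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a Kerberos principal (hypothetical, not krb5_principal). */
struct princ { const char *realm; int ncomp; const char *comp[2]; };

/* Constructed sample data: SANs carried by two KDC certificates, and two requested servers. */
static const struct princ kdc_sans[]   = {{ "EXAMPLE.COM", 2, { "krbtgt", "EXAMPLE.COM" } }};
static const struct princ other_sans[] = {{ "OTHER.ORG", 2, { "krbtgt", "OTHER.ORG" } }};
static const struct princ host_svc = { "EXAMPLE.COM", 2, { "host", "www.example.com" } };
static const struct princ tgs_svc  = { "EXAMPLE.COM", 2, { "krbtgt", "EXAMPLE.COM" } };

static int princ_equal(const struct princ *a, const struct princ *b)
{
    if (strcmp(a->realm, b->realm) != 0 || a->ncomp != b->ncomp)
        return 0;
    for (int i = 0; i < a->ncomp; i++)
        if (strcmp(a->comp[i], b->comp[i]) != 0)
            return 0;
    return 1;
}

/* Return 1 if any SAN in the certificate names `want`. */
static int san_matches(const struct princ *sans, int n, const struct princ *want)
{
    for (int i = 0; i < n; i++)
        if (princ_equal(&sans[i], want))
            return 1;
    return 0;
}

/* Check as described before the fix: SAN compared with the requested server principal. */
int check_san_old(const struct princ *sans, int n, const struct princ *server)
{
    return san_matches(sans, n, server);
}

/* Check as described after the fix: build krbtgt/REALM@REALM explicitly and compare with that. */
int check_san_fixed(const struct princ *sans, int n, const struct princ *server)
{
    struct princ tgs = { server->realm, 2, { "krbtgt", server->realm } };
    return san_matches(sans, n, &tgs);
}

int main(void)
{
    printf("old, host service:   %d\n", check_san_old(kdc_sans, 1, &host_svc));
    printf("fixed, host service: %d\n", check_san_fixed(kdc_sans, 1, &host_svc));
    return 0;
}
```

The old check only succeeds when the requested server happens to be the TGS itself; the fixed check accepts the same certificate for any server in the realm and still rejects a certificate whose SAN names another realm's TGS.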