From: | ghudson@mit.edu |
Subject: | SVN Commit |
Avoid setting AD-SIGNEDPATH when returning a cross-realm TGT.
Previously we were avoiding it when answering a cross-realm client,
which was wrong.
Don't fail out on an invalid AD-SIGNEDPATH checksum; just don't trust
the ticket for S4U2Proxy (as if AD-SIGNEDPATH weren't present).
https://github.com/krb5/krb5/commit/6581735ddea7215935e91c34a2103de1acfe3952
Commit By: ghudson
Revision: 23697
Changed Files:
U trunk/src/kdc/kdc_authdata.c
U trunk/src/kdc/kdc_util.c
U trunk/src/kdc/kdc_util.h