Skip Menu |
 

From: tlyu@mit.edu
Subject: SVN Commit

backport r24564 from trunk

------------------------------------------------------------------------
r24564 | tlyu | 2010-12-09 20:06:26 -0500 (Thu, 09 Dec 2010) | 18 lines

ticket: 6839
subject: handle MS PACs that lack server checksum
target_version 1.9
tags: pullup

Apple Mac OS X Server's Open Directory KDC issues MS PAC like
authorization data that lacks a server checksum. If this checksum is
missing, mark the PAC as unverfied, but allow
krb5int_authdata_verify() to succeed. Filter out the unverified PAC
in subsequent calls to krb5_authdata_get_attribute(). Add trace
points to indicate where this behavior occurs.

Thanks to Helmut Grohne for help with analysis. This bug is also
Debian Bug #604925:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604925

This change should also get backported to krb5-1.8.x.

https://github.com/krb5/krb5/commit/e48a0cd64c74b253527cb172d4b8e5325352d0e7
Commit By: tlyu
Revision: 24574
Changed Files:
U branches/krb5-1-8/src/lib/krb5/krb/pac.c