Skip Menu |
 

From: ghudson@mit.edu
Subject: SVN Commit

With the addition of enctype negotiation in 1.7, a gss-krb5 acceptor
can choose an enctype for the acceptor subkey other than the one in
the keytab. If the resulting security context will be exported and
re-imported by another gss-krb5 implementation (such as one in the
kernel), the acceptor needs a way to restrict the set of negotiated
enctypes to those supported by the other implementation. We had that
functionality for the initiator already in the form of
gss_krb5_set_allowable_enctypes; this change makes it work for the
acceptor as well.


https://github.com/krb5/krb5/commit/af11454d3adf02a0e6fe3156e37b7b06fd5a9d3b
Commit By: ghudson
Revision: 24603
Changed Files:
U trunk/src/lib/gssapi/krb5/accept_sec_context.c
From: tlyu@mit.edu
Subject: SVN Commit

pull up r24603 from trunk

------------------------------------------------------------------------
r24603 | ghudson | 2011-01-24 19:23:48 -0500 (Mon, 24 Jan 2011) | 15 lines

ticket: 6852
subject: Make gss_krb5_set_allowable_enctypes work for the acceptor
target_version: 1.9.1
tags: pullup

With the addition of enctype negotiation in 1.7, a gss-krb5 acceptor
can choose an enctype for the acceptor subkey other than the one in
the keytab. If the resulting security context will be exported and
re-imported by another gss-krb5 implementation (such as one in the
kernel), the acceptor needs a way to restrict the set of negotiated
enctypes to those supported by the other implementation. We had that
functionality for the initiator already in the form of
gss_krb5_set_allowable_enctypes; this change makes it work for the
acceptor as well.

https://github.com/krb5/krb5/commit/6a60b22ae48f18d39e3d9eca767d2d2b9dc81c46
Commit By: tlyu
Revision: 24610
Changed Files:
U branches/krb5-1-9/src/lib/gssapi/krb5/accept_sec_context.c