Subject: sign_authdata does not provide all needed tgt keys
When signing an MS-PAC authorization data buffer and the principal is a
cross-realm TGT, the sign_authdata function is provided the cross-realm
TGT key as krbtgt_key, but the data needs to be signed with our own
realm TGT key. It would be useful if the function could be given both the
cross-realm (in order to verify the existing signatures) and our own
realm TGT keys (in order to be able to re-sign the authorization data
after validation).