Skip Menu |
 

Subject: Add krb5_get_init_creds_opt_set_pac_request
Heimdal has a function krb5_get_init_creds_opt_set_pac_request which
causes a PA-PAC-REQUEST padata to be included in the AS request,
requesting the inclusion or exclusion of a PAC. We should support this
as well.

See also:

http://mailman.mit.edu/pipermail/krbdev/2014-August/012138.html
From: ghudson@mit.edu
Subject: git commit

Add krb5_get_init_creds_opt_set_pac_request()

Add a new public function to set a PAC request option for an AS
request.

[ghudson@mit.edu: simplified code; made signature conform to Heimdal
function; expanded on doxygen comment; added new function to API
reference; changed code to send encoded KERB-PA-PAC-REQUEST instead
of a single octet]

https://github.com/krb5/krb5/commit/8fc32c0d8d6887ad628382f0b90439bfce82fb73
Author: Andreas Schneider <asn@samba.org>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 8fc32c0d8d6887ad628382f0b90439bfce82fb73
Branch: master
doc/appdev/refs/api/index.rst | 1 +
src/include/krb5/krb5.hin | 20 ++++++++++++++++++++
src/lib/krb5/asn.1/asn1_k_encode.c | 1 +
src/lib/krb5/krb/get_in_tkt.c | 28 ++++++++++++++++++++++++++++
src/lib/krb5/krb/gic_opt.c | 25 +++++++++++++++++++++++++
src/lib/krb5/krb/int-proto.h | 5 +++++
src/lib/krb5/libkrb5.exports | 1 +
src/lib/krb5_32.def | 1 +
8 files changed, 82 insertions(+), 0 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Add kinit PAC request options

Add --request-pac and --no-request-pac options to kinit, to explicitly
request inclusion or exclusion of PAC authorization data.

https://github.com/krb5/krb5/commit/c5c8e57b77d440dbce565579e10e279acfde4674
Author: Andreas Schneider <asn@samba.org>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: c5c8e57b77d440dbce565579e10e279acfde4674
Branch: master
src/clients/kinit/kinit.c | 43 +++++++++++++++++++++++++++++++------------
1 files changed, 31 insertions(+), 12 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Test KDB authdata and kinit pac options

Add a sign_authdata method to the test KDB module. Add tests to
t_authdata.py for KDB module authdata and the kinit --request-pac and
--no-request-pac options.

https://github.com/krb5/krb5/commit/12cc2b9dab45b05c13642c2b4b0ce0d3191663c7
Author: Greg Hudson <ghudson@mit.edu>
Commit: 12cc2b9dab45b05c13642c2b4b0ce0d3191663c7
Branch: master
src/plugins/kdb/test/kdb_test.c | 27 +++++++++++++++++++++-
src/tests/t_authdata.py | 48 ++++++++++++++++++++++++++++++---------
2 files changed, 63 insertions(+), 12 deletions(-)