Skip Menu |
 

From: ghudson@mit.edu
Subject: git commit

Simplify and improve ksu cred verification

When verifying the user's initial credentials, don't compute a server
name and preemptively obtain creds for it. This change allows
krb5_verify_init_creds to use any host key in the keytab, and not just
the one for the canonicalized local hostname.

[ghudson@mit.edu: rewrote commit message]

https://github.com/krb5/krb5/commit/bbfe19f03bdeca7b05b542dbae4c1692c9800c70
Author: Nalin Dahyabhai <nalin@redhat.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: bbfe19f03bdeca7b05b542dbae4c1692c9800c70
Branch: master
src/clients/ksu/krb_auth_su.c | 116 +---------------------------------------
1 files changed, 3 insertions(+), 113 deletions(-)
I marked this for pull-up to 1.13 because it seems like a behavior
improvement and a reasonably conservative change this early in the branch
cycle. But I wouldn't really recommend pulling it up to 1.12 or 1.11, as
it only helps in marginal circumstances. (The originally described bug
in pull request 170 only applies to 1.10.)
From: tlyu@mit.edu
Subject: git commit

Simplify and improve ksu cred verification

When verifying the user's initial credentials, don't compute a server
name and preemptively obtain creds for it. This change allows
krb5_verify_init_creds to use any host key in the keytab, and not just
the one for the canonicalized local hostname.

[ghudson@mit.edu: rewrote commit message]

(cherry picked from commit bbfe19f03bdeca7b05b542dbae4c1692c9800c70)

https://github.com/krb5/krb5/commit/7b0fd353be446c9f148ac5d870610413ce361c45
Author: Nalin Dahyabhai <nalin@redhat.com>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 7b0fd353be446c9f148ac5d870610413ce361c45
Branch: krb5-1.13
src/clients/ksu/krb_auth_su.c | 116 +---------------------------------------
1 files changed, 3 insertions(+), 113 deletions(-)