Ticket History #7996: Simplify and improve ksu cred verification

# Wed Aug 20 14:19:44 2014 ghudson@mit.edu (Greg Hudson) - Ticket created

From:	ghudson@mit.edu
Subject:	git commit

Download (untitled) / with headers
text/plain 695B

Simplify and improve ksu cred verification

When verifying the user's initial credentials, don't compute a server
name and preemptively obtain creds for it. This change allows
krb5_verify_init_creds to use any host key in the keytab, and not just
the one for the canonicalized local hostname.

[ghudson@mit.edu: rewrote commit message]

https://github.com/krb5/krb5/commit/bbfe19f03bdeca7b05b542dbae4c1692c9800c70
Author: Nalin Dahyabhai <nalin@redhat.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: bbfe19f03bdeca7b05b542dbae4c1692c9800c70
Branch: master
src/clients/ksu/krb_auth_su.c | 116 +---------------------------------------
1 files changed, 3 insertions(+), 113 deletions(-)

# Wed Aug 20 14:19:45 2014 ghudson@mit.edu (Greg Hudson) - Requestor ghudson@mit.edu (Greg Hudson) added

# Wed Aug 20 14:19:45 2014 ghudson@mit.edu (Greg Hudson) - Status changed from 'new' to 'review'

# Wed Aug 20 14:19:45 2014 ghudson@mit.edu (Greg Hudson) - Tags pullup added

# Wed Aug 20 14:19:45 2014 ghudson@mit.edu (Greg Hudson) - Target_Version 1.13 added

# Wed Aug 20 14:22:13 2014 ghudson@mit.edu (Greg Hudson) - Comments added

Download (untitled) / with headers
text/plain 333B

I marked this for pull-up to 1.13 because it seems like a behavior
improvement and a reasonably conservative change this early in the branch
cycle. But I wouldn't really recommend pulling it up to 1.12 or 1.11, as
it only helps in marginal circumstances. (The originally described bug
in pull request 170 only applies to 1.10.)

# Thu Aug 21 18:11:04 2014 tlyu (Taylor Yu) - Status changed from 'review' to 'resolved'

# Thu Aug 21 18:11:04 2014 tlyu (Taylor Yu) - Version_Fixed 1.13 added

# Thu Aug 21 18:11:04 2014 tlyu (Taylor Yu) - Correspondence added

From:	tlyu@mit.edu
Subject:	git commit

Download (untitled) / with headers
text/plain 760B

Simplify and improve ksu cred verification

When verifying the user's initial credentials, don't compute a server
name and preemptively obtain creds for it. This change allows
krb5_verify_init_creds to use any host key in the keytab, and not just
the one for the canonicalized local hostname.

[ghudson@mit.edu: rewrote commit message]

(cherry picked from commit bbfe19f03bdeca7b05b542dbae4c1692c9800c70)

https://github.com/krb5/krb5/commit/7b0fd353be446c9f148ac5d870610413ce361c45
Author: Nalin Dahyabhai <nalin@redhat.com>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 7b0fd353be446c9f148ac5d870610413ce361c45
Branch: krb5-1.13
src/clients/ksu/krb_auth_su.c | 116 +---------------------------------------
1 files changed, 3 insertions(+), 113 deletions(-)

# Wed Dec 16 18:03:02 2015 tlyu (Taylor Yu) - CustomField pullup deleted