From: ghudson@mit.edu
Subject: git commit

Only include one key in etype-info

As described in RFC 6113 section 2.1, the KDC can choose a single
long-term key at the beginning of the preauth conversation based on
the request enctype list. Implement this change for the PA-ETYPE-INFO
and PA-ETYPE-INFO2 padata included in preauth hint lists, by selecting
the client key before checking padata, making the client keyblock
available in the preauth rock, and unifying the etype-info handlers to
use a single helper function for edata and AS-REP padata.
https://github.com/krb5/krb5/commit/385cd2d07983a89892dad1606e1a41a78066c6ec
Author: Greg Hudson <ghudson@mit.edu>
Commit: 385cd2d07983a89892dad1606e1a41a78066c6ec
Branch: master
src/kdc/do_as_req.c | 88 ++++++++++------
src/kdc/kdc_preauth.c | 269 +++++++++----------------------------------------
src/kdc/kdc_util.h | 1 +
3 files changed, 104 insertions(+), 254 deletions(-)
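
The selection described in the commit message, as an added example (a simplified model, not code from the krb5 tree): the key is chosen once from the request enctype list and the hint list is built from that key alone. The struct and function names are hypothetical, the sample keys and salts are constructed, and taking the first match in request order is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of a principal's long-term key (not a krb5 structure). */
struct client_key {
    int enctype;        /* enctype number, e.g. 18 = aes256-cts-hmac-sha1-96 */
    const char *salt;   /* salt the client needs for string-to-key */
};

/* One PA-ETYPE-INFO2 style hint entry (hypothetical layout). */
struct etype_hint {
    int enctype;
    const char *salt;
};

/* Walk the request enctype list in order and return the first long-term
 * key of a matching enctype, or NULL if the client has no usable key. */
const struct client_key *
select_client_key(const int *req_etypes, size_t nreq,
                  const struct client_key *keys, size_t nkeys)
{
    for (size_t i = 0; i < nreq; i++)
        for (size_t j = 0; j < nkeys; j++)
            if (keys[j].enctype == req_etypes[i])
                return &keys[j];
    return NULL;
}

/* Build the hint list from the selected key only: 0 or 1 entries,
 * whether it is sent as edata or as AS-REP padata. */
size_t
build_etype_hint(const struct client_key *selected, struct etype_hint *out)
{
    if (selected == NULL)
        return 0;
    out->enctype = selected->enctype;
    out->salt = selected->salt;
    return 1;
}

int main(void)
{
    /* Constructed sample: 23 = rc4-hmac, 17 = aes128, 18 = aes256. */
    const struct client_key keys[] = {
        { 23, "" }, { 17, "EXAMPLE.COMalice" }, { 18, "EXAMPLE.COMalice" } };
    const int req[] = { 18, 17, 23 };
    struct etype_hint hint;
    size_t n = build_etype_hint(select_client_key(req, 3, keys, 3), &hint);
    printf("%zu entry, enctype %d\n", n, n ? hint.enctype : 0);
    return 0;
}
```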