Skip Menu |
 

From: ghudson@mit.edu
Subject: git commit

Add etype-info2 to MORE_PREAUTH_DATA_REQUIRED

A multi-round-trip preauth mechanism may require key information, but
not for the initial message from the client. To support optimistic
preauth for such mechanisms, make the KDC include etype-info2
information in a MORE_PREAUTH_DATA_REQUIRED error if the client didn't
include a PA-FX-COOKIE in its request.

Add optimistic preauth support to the test preauth module and to
etinfo.c, and add a test case to t_etype_info.py to verify that
etype-info2 is included in the optimistic multi-hop scenario.

https://github.com/krb5/krb5/commit/1b4bd4e388faa5685aa483fdc2bded02c95350bc
Author: Greg Hudson <ghudson@mit.edu>
Commit: 1b4bd4e388faa5685aa483fdc2bded02c95350bc
Branch: master
src/kdc/kdc_preauth.c | 52 ++++++++++++++++++++++++++++++++++++
src/plugins/preauth/test/cltest.c | 17 +++++++++++-
src/plugins/preauth/test/kdctest.c | 11 +++++---
src/tests/etinfo.c | 22 +++++++++++---
src/tests/t_etype_info.py | 12 ++++++++
5 files changed, 104 insertions(+), 10 deletions(-)