From: | ghudson@mit.edu |
Subject: | git commit |
Allow validation of PACs with enterprise names
In k5_pac_validate_client(), if we are verifying against an enterprise
principal, parse the PAC_CLIENT_INFO field as an enterprise principal.
This scenario may arise in the response to an S4U2Self request for an
enterprise principal, as the KDC does not appear to canonicalize the
client principal requested in PA-FOR-USER.
[ghudson@mit.edu: rewrote commit message; adjusted style]
https://github.com/krb5/krb5/commit/f876aab80a69f9b934cd7f4e2339e3815aa8c4bf
Author: Isaac Boukris <iboukris@gmail.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: f876aab80a69f9b934cd7f4e2339e3815aa8c4bf
Branch: master
src/lib/krb5/krb/pac.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)