Ticket History #8649: Allow validation of PACs with enterprise names

Allow validation of PACs with enterprise names

In k5_pac_validate_client(), if we are verifying against an enterprise
principal, parse the PAC_CLIENT_INFO field as an enterprise principal.
This scenario may arise in the response to an S4U2Self request for an
enterprise principal, as the KDC does not appear to canonicalize the
client principal requested in PA-FOR-USER.

[ghudson@mit.edu: rewrote commit message; adjusted style]

https://github.com/krb5/krb5/commit/f876aab80a69f9b934cd7f4e2339e3815aa8c4bf
Author: Isaac Boukris <iboukris@gmail.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: f876aab80a69f9b934cd7f4e2339e3815aa8c4bf
Branch: master
src/lib/krb5/krb/pac.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)

Allow validation of PACs with enterprise names

In k5_pac_validate_client(), if we are verifying against an enterprise
principal, parse the PAC_CLIENT_INFO field as an enterprise principal.
This scenario may arise in the response to an S4U2Self request for an
enterprise principal, as the KDC does not appear to canonicalize the
client principal requested in PA-FOR-USER.

[ghudson@mit.edu: rewrote commit message; adjusted style]

(cherry picked from commit f876aab80a69f9b934cd7f4e2339e3815aa8c4bf)

https://github.com/krb5/krb5/commit/dccffae20a818466650f23230294e9c9ee4e0e5a
Author: Isaac Boukris <iboukris@gmail.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: dccffae20a818466650f23230294e9c9ee4e0e5a
Branch: krb5-1.16
src/lib/krb5/krb/pac.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)