Skip Menu |

Subject: git commit

Expand S4U2Self exception in KDC lineage check

An S4U2Self TGS-REQ using only a certificate to identify the user will
not include PA-FOR-USER, so we need to check both types when making an
exception in the lineage check. (S4U2Self requests are allowed to
bypass the lineage check because cross-realm S4U2Self ends with a
backwards cross-realm request to the server realm.)

[ factored out padata check; deindented the code block
by combining conditionals; rewrote commit message]
Author: Isaac Boukris <>
Committer: Greg Hudson <>
Commit: 26c3818737cf16d476043a4acec8afb0fa67e47f
Branch: master
src/kdc/kdc_util.c | 27 +++++++++++++++++----------
1 files changed, 17 insertions(+), 10 deletions(-)