Skip Menu |
 

From: ghudson@mit.edu
Subject: git commit

Do not always canonicalize enterprise principals

When processing an AS request in the KDC, do not assume
KRB5_KDB_FLAG_CANONICALIZE for enterprise client names. This change
allows the KDB module to only canonicalize enterprise client names if
the canonicalize flag was set on the request, as Windows does. The
KDB module may check the principal type and apply canonicalization as
appropriate.

[ghudson@mit.edu: edited comments; rewrote commit message]

https://github.com/krb5/krb5/commit/3f5955631a2056f8ec4d1ce73d9681fa7da061c2
Author: Isaac Boukris <iboukris@gmail.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 3f5955631a2056f8ec4d1ce73d9681fa7da061c2
Branch: master
src/include/kdb.h | 21 ++++++++++++---------
src/kdc/do_as_req.c | 9 ++++-----
src/tests/t_kdb.py | 12 ++++++++++++
3 files changed, 28 insertions(+), 14 deletions(-)