From: | ghudson@mit.edu |
Subject: | git commit |
Add replace_reply_key kdcpreauth callback
Provide an explicit way for kdcpreauth modules to replace the reply
key, and internally track when the reply key is fully replaced (as
opposed to strengthened by replacing it with a derivative of the
client long-term key). Use this facility in the FAST OTP, PKINIT, and
SPAKE kdcpreauth modules.
https://github.com/krb5/krb5/commit/ff57dc682a27bd205d715f3c0bed84890f2453c4
Author: Greg Hudson <ghudson@mit.edu>
Commit: ff57dc682a27bd205d715f3c0bed84890f2453c4
Branch: master
src/include/krb5/kdcpreauth_plugin.h | 29 +++++++++++++----
src/kdc/do_as_req.c | 5 +--
src/kdc/kdc_preauth.c | 22 ++++++++++++-
src/kdc/kdc_util.h | 1 +
src/plugins/preauth/otp/main.c | 51 +++++++++++++------------------
src/plugins/preauth/pkinit/pkinit_srv.c | 41 +++++++++++++------------
src/plugins/preauth/spake/spake_kdc.c | 24 +++-----------
7 files changed, 92 insertions(+), 81 deletions(-)