git.samba.org - lorikeet-heimdal.git/commit

git.samba.org / lorikeet-heimdal.git / commit

author	Nicolas Williams <nico@twosigma.com>
	Thu, 5 Jan 2023 23:57:36 +0000 (17:57 -0600)
committer	Nicolas Williams <nico@twosigma.com>
	Thu, 5 Jan 2023 23:57:36 +0000 (17:57 -0600)
commit	ece456b028b3f1b2eab06265d4c99544f8f28993
tree	80fee302f847de7ee6a41886e3b2a6adcbe725f6	tree
parent	b87b813feeadc21a510effee5421705445c7f44e	commit \| diff

krb5: Do not fail to rd_req if no AD-KDC-ISSUED

We reject tickets that have no AD-KDC-ISSUED(!).

This was reported by Samba. The workaround they found was to set
check_pac = true in krb5.conf, as that clobbers the ret from
krb5_ticket_get_authorization_data_type() not having found an
AD-KDC-ISSUED element.

This was introduced in 1cede09a0b772e99beac6fcc440a917c9e8b183a.

lib/krb5/rd_req.c

diff | blob | history

Lorikeet-Heimal

RSS Atom