diff options
author | Luke Howard <lukeh@padl.com> | 2009-08-19 06:34:40 +0000 |
---|---|---|
committer | Luke Howard <lukeh@padl.com> | 2009-08-19 06:34:40 +0000 |
commit | 09e4fe277bf522d6fee2a8c5b3b0329cc53ba985 (patch) | |
tree | 4a50b6d40c4b23bf6ee9d528518bc92db9286011 | |
parent | 09d04bb89d5a2b469b587f0a577c44588e0e01e3 (diff) | |
download | krb5-09e4fe277bf522d6fee2a8c5b3b0329cc53ba985.zip krb5-09e4fe277bf522d6fee2a8c5b3b0329cc53ba985.tar.gz krb5-09e4fe277bf522d6fee2a8c5b3b0329cc53ba985.tar.bz2 |
update comments describing clearing of forwardable flag, again
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22548 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/kdc/do_tgs_req.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index c9d0a2e..0a7c968 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -444,10 +444,12 @@ tgt_again: if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION)) { /* * If S4U2Self principal is not forwardable, then mark ticket as - * unforwardable. This behaviour matches Windows rather than MIT - * (which returns KDC_ERR_BADOPTION in the AS-REQ code path). + * unforwardable. This behaviour matches Windows, but it is + * different to the MIT AS-REQ path, which returns an error + * (KDC_ERR_POLICY) if forwardable tickets cannot be issued. * - * Consider this block the S4U2Self validate_forwardable(). + * Consider this block the S4U2Self equivalent to + * validate_forwardable(). */ if (c_nprincs && isflagset(client.attributes, KRB5_KDB_DISALLOW_FORWARDABLE)) |