diff options
author | Isaac Boukris <iboukris@gmail.com> | 2020-01-15 11:14:00 +0100 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2020-01-24 22:24:10 -0500 |
commit | 17570dd94056df70c19108c14d46cd6132509e6a (patch) | |
tree | b6f7dced5c77b61be3e85ecf7327f685b98abb5e /src/appl | |
parent | 67bb22ac43198b173f16444468831b0e911e69cd (diff) | |
download | krb5-17570dd94056df70c19108c14d46cd6132509e6a.zip krb5-17570dd94056df70c19108c14d46cd6132509e6a.tar.gz krb5-17570dd94056df70c19108c14d46cd6132509e6a.tar.bz2 |
Allow cross-realm RBCD with PAC and other authdata
For cross-realm S4U2Proxy requests, require a PAC to be present to
bypass signedpath verification, but do not require it to be the only
authdata element. For within-realm requests, add and verify
signedpath authdata regardless of the presence of a PAC.
Simplify the test KDB authdata module and the existing RBCD tests as
we no longer need a way to suppress the test module's KDB authdata.
[ghudson@mit.edu: rewrote commit message; reordered a condition for
efficiency]
(cherry picked from commit 94f7c9705879500b1dc8dda8592490efce05688f)
ticket: 8868
version_fixed: 1.18
Diffstat (limited to 'src/appl')
0 files changed, 0 insertions, 0 deletions