diff options
author | Greg Hudson <ghudson@mit.edu> | 2017-01-31 17:02:34 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2018-03-19 16:10:42 -0400 |
commit | 085785362e01467cb25c79a90dcebfba9ea019d8 (patch) | |
tree | 92a4f144f5770b8a4129210885b33068748cba8b /src/include/krb5/krb5.hin | |
parent | b38e318cea18fd65647189eed64aef83bf1cb772 (diff) | |
download | krb5-085785362e01467cb25c79a90dcebfba9ea019d8.zip krb5-085785362e01467cb25c79a90dcebfba9ea019d8.tar.gz krb5-085785362e01467cb25c79a90dcebfba9ea019d8.tar.bz2 |
Add PKINIT client support for freshness token
Send an empty PA_AS_FRESHNESS padata item in unauthenticated AS
requests to indicate support for RFC 8070. If the KDC includes a
PA_AS_FRESHNESS value in its method data, echo it back in the new
freshnessToken field of pkAuthenticator
ticket: 8648
Diffstat (limited to 'src/include/krb5/krb5.hin')
-rw-r--r-- | src/include/krb5/krb5.hin | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index 55135fc..bebd9a5 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -1873,6 +1873,7 @@ krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype, #define KRB5_PADATA_OTP_PIN_CHANGE 144 /**< RFC 6560 section 4.3 */ #define KRB5_PADATA_PKINIT_KX 147 /**< RFC 6112 */ #define KRB5_ENCPADATA_REQ_ENC_PA_REP 149 /**< RFC 6806 */ +#define KRB5_PADATA_AS_FRESHNESS 150 /**< RFC 8070 */ #define KRB5_SAM_USE_SAD_AS_KEY 0x80000000 #define KRB5_SAM_SEND_ENCRYPTED_SAD 0x40000000 |