diff options
| author | Sam Hartman <hartmans@mit.edu> | 2009-02-13 15:55:32 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 2009-02-13 15:55:32 +0000 |
| commit | e0c545139c54d6612687b0458b56ce34419a3a36 (patch) | |
| tree | 058a0f45669d80ec9a60a4ab426b73e666b5d1fe /src/lib/krb5/krb/decode_kdc.c | |
| parent | b2c96206c3d6c8d253cc8ed2f4cc859e9c61c217 (diff) | |
| download | krb5-e0c545139c54d6612687b0458b56ce34419a3a36.zip krb5-e0c545139c54d6612687b0458b56ce34419a3a36.tar.gz krb5-e0c545139c54d6612687b0458b56ce34419a3a36.tar.bz2 | |
Implement TGS authenticator subkey usage
Implement support for use of a subkey in the TGS req. This is needed
by FAST TGS support. The interface to krb5_send_tgs changed in order
to gain a subkey output parameter. Since this is a private interface
it was renamed to krb5int_send_tgs and removed from the export list.
* send_tgs.c: generate a subkey and return to caller
* decode_kdc_rep.c: Use subkey keyusage
* gc_via_tkt.c: pass in subkey to decode_kdc_rep
* send_tgs.c: use subkey for encrypting authorization data
ticket: 6393
tags: enhancement
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21993 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/krb/decode_kdc.c')
| -rw-r--r-- | src/lib/krb5/krb/decode_kdc.c | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/src/lib/krb5/krb/decode_kdc.c b/src/lib/krb5/krb/decode_kdc.c index cdfc4ff..a75bbf2 100644 --- a/src/lib/krb5/krb/decode_kdc.c +++ b/src/lib/krb5/krb/decode_kdc.c @@ -53,12 +53,7 @@ krb5_decode_kdc_rep(krb5_context context, krb5_data *enc_rep, const krb5_keybloc usage = KRB5_KEYUSAGE_AS_REP_ENCPART; retval = decode_krb5_as_rep(enc_rep, &local_dec_rep); } else if (krb5_is_tgs_rep(enc_rep)) { - usage = KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY; - /* KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY would go here, except - that this client code base doesn't ever put a subkey in the - tgs_req authenticator, so the tgs_rep is never encrypted in - one. (Check send_tgs.c:krb5_send_tgs_basic(), near the top - where authent.subkey is set to 0) */ + usage = KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY; retval = decode_krb5_tgs_rep(enc_rep, &local_dec_rep); } else { return KRB5KRB_AP_ERR_MSG_TYPE; |