diff options
| author | Isaac Boukris <iboukris@gmail.com> | 2019-01-17 00:23:25 +0200 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2019-03-13 16:40:59 -0400 |
| commit | 0fbfffbef2c266fedac557e00108b944e31e8d50 (patch) | |
| tree | 81911406955f7c360f66d129db1a36b61c89b8b7 /src/tests/gssapi/t_s4u.py | |
| parent | 26c3818737cf16d476043a4acec8afb0fa67e47f (diff) | |
| download | krb5-0fbfffbef2c266fedac557e00108b944e31e8d50.zip krb5-0fbfffbef2c266fedac557e00108b944e31e8d50.tar.gz krb5-0fbfffbef2c266fedac557e00108b944e31e8d50.tar.bz2 | |
Add KDC support for X.509 S4U2Self requests
Add a KDB function krb5_db_get_s4u_x509_principal() and an associated
method in the DAL, bumping the minor version and cleaning up a
leftover comment in the table from major version 6.
When processing an AS-REQ, look up the client principal by certificate
if the request contains a non-empty PA-S4U-X509-USER value. When
processing an S4U2Self TGS-REQ, allow requests with certificates, and
look up the client principal by certificate if one is presented.
[ghudson@mit.edu: factored out lookup_client() in AS code; rewrote
commit message and some comments; adjusted flow control changes in
kdc_process_s4u_x509_user()]
ticket: 8781 (new)
Diffstat (limited to 'src/tests/gssapi/t_s4u.py')
0 files changed, 0 insertions, 0 deletions