git-svn-id: svn://anonsvn.mit.edu/krb5/tags/krb5-1-8-2-final@24128 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24127 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24114 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24112 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r24102 | ghudson | 2010-05-24 22:44:45 -0400 (Mon, 24 May 2010) | 11 lines
ticket: 6734
subject: FAST negotiation could erroneously succeed
target_version: 1.8.2
tags: pullup
When FAST negotiation is performed against an older KDC
(rep->enc_part2->flags & TKT_FLG_ENC_PA_REP not set),
krb5int_fast_verify_nego did not set the value of *fast_avail, causing
stack garbage to be used in init_creds_step_reply. Initialize
*fast_avail at the beginning of the function per coding practices.
ticket: 6734
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24111 dc483132-0cff-0310-8789-dd5450dbe970
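The failure mode described in r24102, reduced to a self-contained C model (an added example, not krb5 source): an output parameter left unwritten on one success path, beside the version that initializes it first. The names verify_nego_before, verify_nego_after, caller_sees_fast, struct reply and the FLAG_ENC_PA_REP value are hypothetical stand-ins, and the uninitialized stack slot is simulated with an explicit leftover value.

```c
#include <stdio.h>

#define FLAG_ENC_PA_REP 0x00010000u  /* constructed stand-in for TKT_FLG_ENC_PA_REP */

/* Constructed stand-in for the part of the KDC reply the check inspects. */
struct reply {
    unsigned int flags;   /* ticket flags from the reply */
    int nego_verified;    /* result the negotiation check would compute */
};

typedef int (*verify_fn)(const struct reply *, int *);

/* Before: the older-KDC path returns success without writing *fast_avail. */
int verify_nego_before(const struct reply *rep, int *fast_avail)
{
    if (rep->flags & FLAG_ENC_PA_REP)
        *fast_avail = rep->nego_verified;
    return 0;
}

/* After: the output gets a safe value before any branch can return. */
int verify_nego_after(const struct reply *rep, int *fast_avail)
{
    *fast_avail = 0;
    if (rep->flags & FLAG_ENC_PA_REP)
        *fast_avail = rep->nego_verified;
    return 0;
}

/*
 * Caller model: leftover stands in for whatever the stack slot held.
 * Reading a truly uninitialized local is undefined behaviour, so the
 * garbage is passed in explicitly.  Returns 1 if the caller would treat
 * FAST as available, 0 if not, -1 on error.
 */
int caller_sees_fast(verify_fn verify, unsigned int kdc_flags, int leftover)
{
    struct reply rep = { kdc_flags, 1 };
    int fast_avail = leftover;

    if (verify(&rep, &fast_avail) != 0)
        return -1;
    return fast_avail != 0;
}

int main(void)
{
    /* Older KDC (flag clear) with non-zero leftover stack contents. */
    printf("before: %d  after: %d\n",
           caller_sees_fast(verify_nego_before, 0, 0x5a5a),
           caller_sees_fast(verify_nego_after, 0, 0x5a5a));
    return 0;
}
```

With a leftover value of zero the unfixed version happens to behave correctly, which is why this class of bug can pass testing and still fail in the field.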
|
|
------------------------------------------------------------------------
r24074 | tlyu | 2010-05-20 16:42:26 -0400 (Thu, 20 May 2010) | 11 lines
ticket: 6730
subject: kdc_tcp_ports not documented in kdc.conf.M
target_version: 1.8.2
tags: pullup
The kdc.conf setting kdc_tcp_ports was not documented in kdc.conf.M,
though it was documented in doc/admin.texinfo. Copy text from there
for now. The setting defaults to an empty string at the moment,
causing the KDC to not listen on TCP by default, confusing some users.
Changing this behavior is a separate issue.
ticket: 6730
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24077 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r24075 | tlyu | 2010-05-20 17:32:47 -0400 (Thu, 20 May 2010) | 8 lines
ticket: 6726
target_version: 1.8.2
tags: pullup
Apply patch from Arlene Berry to detect and ignore a duplicate
mechanism token sent in the mechListMIC field, such as sent by Windows
2000 Server.
ticket: 6726
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24076 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r24055 | ghudson | 2010-05-18 13:19:15 -0400 (Tue, 18 May 2010) | 6 lines
ticket: 6562
When parsing a KDC or admin server string, allow the name or address
to be enclosed in brackets so that IPv6 addresses can be represented.
(IPv6 addresses contain colons, which look like port separators.)
ticket: 6562
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24073 dc483132-0cff-0310-8789-dd5450dbe970
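One way to parse the bracketed form described in r24055, as an added example that is not the krb5 implementation. The names parse_server and DEFAULT_PORT, and the choice to reject an unbracketed string containing more than one colon, are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEFAULT_PORT 88  /* assumption: port used when the string names none */

/* Hypothetical helper, not krb5 code.  Splits "host", "host:port", "[addr]"
 * or "[addr]:port".  Returns 0 on success, -1 on malformed input (host is
 * then left empty and *port at the default). */
int parse_server(const char *s, char *host, size_t hostsz, int *port)
{
    const char *h, *hend, *p = NULL;
    char *end;
    long v = DEFAULT_PORT;

    *port = DEFAULT_PORT;
    if (hostsz == 0)
        return -1;
    host[0] = '\0';
    if (s[0] == '[') {
        /* Bracketed: everything up to ']' is the address, colons included. */
        h = s + 1;
        hend = strchr(h, ']');
        if (hend == NULL)
            return -1;              /* unterminated bracket */
        if (hend[1] == ':')
            p = hend + 2;
        else if (hend[1] != '\0')
            return -1;              /* junk after ']' */
    } else {
        /* Unbracketed: a single colon is the port separator. */
        h = s;
        hend = strchr(s, ':');
        if (hend == NULL) {
            hend = s + strlen(s);
        } else {
            p = hend + 1;
            if (strchr(p, ':') != NULL)
                return -1;          /* bare IPv6 literal is ambiguous */
        }
    }
    if (hend == h || (size_t)(hend - h) >= hostsz)
        return -1;                  /* empty or oversized host */
    if (p != NULL) {
        /* Require a leading digit: strtol alone accepts sign and spaces. */
        if (*p < '0' || *p > '9')
            return -1;
        v = strtol(p, &end, 10);
        if (*end != '\0' || v < 1 || v > 65535)
            return -1;
    }
    memcpy(host, h, (size_t)(hend - h));
    host[hend - h] = '\0';
    *port = (int)v;
    return 0;
}

int main(void)
{
    char host[64];
    int port, rc = parse_server("[2001:db8::1]:750", host, sizeof(host), &port);
    printf("rc=%d host=%s port=%d\n", rc, host, port);
    return 0;
}
```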
|
|
------------------------------------------------------------------------
r24056 | tlyu | 2010-05-19 14:09:37 -0400 (Wed, 19 May 2010) | 8 lines
ticket: 6725
subject: CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005)
tags: pullup
target_version: 1.8.2
Make krb5_gss_accept_sec_context() check for a null authenticator
checksum pointer before attempting to dereference it.
ticket: 6725
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24063 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r24020 | ghudson | 2010-05-13 14:49:20 -0400 (Thu, 13 May 2010) | 8 lines
ticket: 6722
subject: Error handling bug in krb5_init_creds_init()
tags: pullup
target_version: 1.8.2
Fix a bug in krb5_init_creds_init() where a freed context could be
returned to the caller in certain error cases.
ticket: 6722
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24062 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r24002 | ghudson | 2010-05-10 18:23:57 -0400 (Mon, 10 May 2010) | 14 lines
ticket: 6718
subject: Make KADM5_FAIL_AUTH_COUNT_INCREMENT more robust with LDAP
target_version: 1.8.2
tags: pullup
In krb5_ldap_put_principal, use krb5_get_attributes_mask to determine
whether krbLoginFailedCount existed on the entry when it was
retrieved. If it didn't exist, don't try to use LDAP_MOD_INCREMENT,
and don't assert an old value when not using LDAP_MOD_INCREMENT.
Also, create the krbLoginFailedCount attribute when creating new
entries. This allows us to use LDAP_MOD_INCREMENT during the first
failed login (if the server supports it), avoiding a race condition.
ticket: 6718
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24061 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r23959 | tlyu | 2010-04-30 17:10:55 -0400 (Fri, 30 Apr 2010) | 8 lines
ticket: 6711
subject: memory leak in process_tgs_req in r23724
tags: pullup
target_version: 1.8.2
Fix a KDC memory leak that was introduced by r23724 that could leak
the decoded request.
ticket: 6711
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24060 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r23928 | tlyu | 2010-04-22 21:10:20 -0400 (Thu, 22 Apr 2010) | 10 lines
ticket: 6698
target_version: 1.8.2
tags: pullup
Adapted patch from Jason Rogers. It wasn't complete, so this commit
fixes the other instances of the 64-bit problem.
Also fix krb5_deltat_to_str(), which would previously always return an
empty string.
ticket: 6698
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24059 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r23929 | tlyu | 2010-04-22 21:30:48 -0400 (Thu, 22 Apr 2010) | 7 lines
ticket: 6697
target_version: 1.8.2
tags: pullup
Adapted patch from Arlene Berry to handle dlerror() returning a null
pointer.
ticket: 6697
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24058 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r23925 | tlyu | 2010-04-22 16:04:01 -0400 (Thu, 22 Apr 2010) | 8 lines
ticket: 6696
target_version: 1.8.2
tags: pullup
Apply patch from Arlene Berry to cease freeing error tokens output by
accept_sec_context, allowing them to actually be sent to the
initiator.
ticket: 6696
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24057 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r23912 | tlyu | 2010-04-20 17:12:10 -0400 (Tue, 20 Apr 2010) | 11 lines
ticket: 6702
target_version: 1.8.2
tags: pullup
Fix CVE-2010-1230 (MITKRB5-SA-2010-004) double-free in KDC triggered
by ticket renewal. Add a test case.
See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490
Thanks to Joel Johnson and Brian Almeida for the reports.
ticket: 6702
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23914 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23880 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23878 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23849 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23847 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23846 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r23844 | ghudson | 2010-03-29 18:08:21 -0400 (Mon, 29 Mar 2010) | 9 lines
ticket: 6693
subject: Fix backwards flag output in krb5_init_creds_step()
tags: pullup
target_version: 1.8.1
krb5_init_creds_step() is taken from Heimdal, which sets *flags to 1
for "continue" and 0 for "stop". Unfortunately, we got it backwards
in 1.8; fix it for 1.8.1.
ticket: 6693
version_fixed: 1.8.1
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23845 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23841 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23839 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r23834 | tlyu | 2010-03-23 15:00:13 -0700 (Tue, 23 Mar 2010) | 7 lines
ticket: 6678
target_version: 1.8.1
tags: pullup
Apply patch from Arlene Berry to not use freed memory in
gss_import_sec_context in some error paths.
ticket: 6678
version_fixed: 1.8.1
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23835 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r23832 | tlyu | 2010-03-23 11:53:52 -0700 (Tue, 23 Mar 2010) | 8 lines
ticket: 6690
target_version: 1.8.1
tags: pullup
subject: MITKRB5-SA-2010-002 CVE-2010-0628 denial of service in SPNEGO
The SPNEGO implementation in krb5-1.7 and later could crash due to
assertion failure when receiving some sorts of invalid GSS-API tokens.
ticket: 6690
version_fixed: 1.8.1
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23833 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r23829 | tlyu | 2010-03-22 23:09:02 -0700 (Mon, 22 Mar 2010) | 10 lines
ticket: 6689
target_version: 1.8.1
tags: pullup
subject: krb5_typed_data not castable to krb5_pa_data on 64-bit MacOSX
Move krb5_typed_data to krb5.hin from k5-int-pkinit.h because
krb5int_fast_process_error was assuming that it was safe to cast it to
krb5_pa_data. It's not safe to do the cast on 64-bit MacOSX because
krb5.hin uses #pragma pack on that platform.
ticket: 6689
version_fixed: 1.8.1
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23830 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r23821 | ghudson | 2010-03-19 20:50:06 -0700 (Fri, 19 Mar 2010) | 17 lines
ticket: 6687
subject: Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512
target_version: 1.8.1
tags: pullup
KRB5_AUTHDATA_SIGNTICKET, originally a Heimdal authorization data
type, was used to implement PAC-less constrained delegation in krb5
1.8. Unfortunately, it was found that Microsoft was using 142 for
other purposes, which could result in a ticket issued by an MIT or
Heimdal KDC being rejected by a Windows Server 2008 R2 application
server. Because KRB5_AUTHDATA_SIGNTICKET is only used to communicate
among a realm's KDCs, it is relatively easy to change the number, so
MIT and Heimdal are both migrating to a new number. This change will
cause a transitional interoperability issue when a realm mixes MIT
krb5 1.8 (or Heimdal 1.3.1) KDCs with MIT krb5 1.8.1 (or Heimdal
1.3.2) KDCs, but only for constrained delegation evidence tickets.
ticket: 6687
version_fixed: 1.8.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23828 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r23820 | ghudson | 2010-03-19 09:17:05 -0700 (Fri, 19 Mar 2010) | 7 lines
ticket: 6680
target_version: 1.8.1
tags: pullup
Document the ticket_lifetime libdefaults setting (which was added in
r16656, #2656). Based on a patch from nalin@redhat.com.
ticket: 6680
version_fixed: 1.8.1
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23827 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r23819 | ghudson | 2010-03-18 10:37:31 -0700 (Thu, 18 Mar 2010) | 7 lines
ticket: 6683
target_version: 1.8.1
tags: pullup
Fix the kpasswd fallback from the ccache principal name to the
username in the case where the ccache doesn't exist.
ticket: 6683
version_fixed: 1.8.1
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23826 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r23815 | ghudson | 2010-03-17 14:10:10 -0700 (Wed, 17 Mar 2010) | 7 lines
ticket: 6681
target_version: 1.8.1
tags: pullup
When checking for KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT, don't
dereference options if it's NULL.
ticket: 6681
version_fixed: 1.8.1
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23825 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r23810 | tlyu | 2010-03-16 12:14:33 -0700 (Tue, 16 Mar 2010) | 8 lines
ticket: 6685
target_version: 1.8.1
subject: handle NT_SRV_INST in service principal referrals
Handle NT_SRV_INST in service principal cross-realm referrals, as
Windows apparently uses that instead of NT_SRV_HST for at least some
service principals.
ticket: 6685
version_fixed: 1.8.1
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23824 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r23766 | ghudson | 2010-03-05 12:45:46 -0500 (Fri, 05 Mar 2010) | 10 lines
ticket: 6676
subject: Ignore improperly encoded signedpath AD elements
target_version: 1.8.1
tags: pullup
We have some reason to believe Microsoft and Heimdal are both using
the authdata value 142 for different purposes, leading to failures in
verify_ad_signedpath(). For better interoperability, treat such
tickets as unsigned, rather than invalid.
ticket: 6676
version_fixed: 1.8.1
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23809 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r23772 | ghudson | 2010-03-05 15:35:26 -0500 (Fri, 05 Mar 2010) | 7 lines
ticket: 6674
target_version: 1.8.1
tags: pullup
Release the internal_name field of a SPNEGO context if it has not been
claimed for a caller argument.
ticket: 6674
status: resolved
version_fixed: 1.8.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23808 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r23749 | ghudson | 2010-02-24 13:57:08 -0500 (Wed, 24 Feb 2010) | 9 lines
ticket: 6668
subject: Two problems in kadm5_get_principal mask handling
target_version: 1.8
tags: pullup
KADM5_MOD_NAME was being applied to entry->principal instead of
entry->mod_name. KADM5_MKVNO was not being applied to entry->mkvno.
Patch from Marcus Watts <mdw@umich.edu>.
ticket: 6668
version_fixed: 1.8.1
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23807 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r23767 | ghudson | 2010-03-05 14:19:42 -0500 (Fri, 05 Mar 2010) | 7 lines
ticket: 6661
target_version: 1.8.1
tags: pullup
Add IPv6 support to changepw.c (reverting r21004 since it is no longer
necessary). Patch from Sumit Bose <sbose@redhat.com>.
ticket: 6661
version_fixed: 1.8.1
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23806 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23797 dc483132-0cff-0310-8789-dd5450dbe970
|
|
arguments "default" and "logging"
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23795 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23762 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23760 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23755 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23754 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r23750 | tlyu | 2010-02-25 15:09:45 -0500 (Thu, 25 Feb 2010) | 7 lines
ticket: 6669
target_version: 1.8
tags: pullup
subject: doc updates for allow_weak_crypto
Update documentation to be more helpful about allow_weak_crypto.
ticket: 6669
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23751 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r23742 | ghudson | 2010-02-21 23:52:30 -0500 (Sun, 21 Feb 2010) | 24 lines
ticket: 6603
target_version: 1.8
tags: pullup
Fix two unrelated problems in SPNEGO which don't crop up with the krb5
mechanism.
1. The third call to spnego_init_accept_context uses faulty logic to
determine if the exchange is complete, preventing a third mech token
from being sent to the acceptor if no MIC exchange is required.
Follow the logic used in the second call (in init_ctx_nego), which is
correct.
2. If the acceptor selects a mech other than the optimistic mech, it
sets sc->mic_reqd to 1 whether or not the selected mech supports MICs
(which isn't known until the mech completes). Most code outside of
handle_mic checks sc->mic_reqd along with (sc->ctx_flags &
GSS_C_INTEG_FLAG), but the code in acc_ctx_call_acc neglected to do
so, so it could improperly delegate responsibility for deciding when
the negotiation was finished to handle_mic--which never gets called if
(sc->ctx_flags & GSS_C_INTEG_FLAG) is false. Fix acc_ctx_call_acc to
check sc->ctx_flags so that mechs which don't support integrity
protection can complete if they are selected non-optimistically.
ticket: 6603
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23748 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r23735 | ghudson | 2010-02-18 13:49:11 -0500 (Thu, 18 Feb 2010) | 8 lines
ticket: 6659
target_version: 1.8
tags: pullup
The TGS code was not freeing authdata. This is an old leak which was
made more evident in 1.8 by the addition of ad-signedpath authdata
appearing in most tickets issued through the TGS path.
ticket: 6659
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23747 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r23734 | ghudson | 2010-02-18 13:04:47 -0500 (Thu, 18 Feb 2010) | 17 lines
ticket: 6665
subject: Fix cipher state chaining in OpenSSL back end
target_version: 1.8
tags: pullup
Make cipher state chaining work in the OpenSSL back end for des, des3,
and arcfour enc providers. Subtleties:
* DES and DES3 have checks to avoid clobbering ivec with uninitialized
data if there is no data to encrypt.
* Arcfour saves the OpenSSL cipher context across calls. To protect
against a caller improperly copying the state (which happens to work
with other enc providers), a loopback pointer is used, as in GSSAPI.
* EVP_EncryptFinal_ex is unnecessary with stream ciphers and would
interfere with cipher state chaining if it did anything, so just
remove it.
ticket: 6665
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23746 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23730 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23728 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r23726 | tlyu | 2010-02-16 17:41:27 -0500 (Tue, 16 Feb 2010) | 8 lines
ticket: 6663
subject: update mkrel to deal with changed source layout
target_version: 1.8
tags: pullup
Update mkrel so it deals somewhat better with removed src/lib/des425,
NOTICES, etc.
ticket: 6663
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23727 dc483132-0cff-0310-8789-dd5450dbe970
|
|
------------------------------------------------------------------------
r23724 | tlyu | 2010-02-16 17:10:17 -0500 (Tue, 16 Feb 2010) | 10 lines
ticket: 6662
subject: MITKRB5-SA-2010-001 CVE-2010-0283 KDC denial of service
tags: pullup
target_version: 1.8
Code introduced in krb5-1.7 can cause an assertion failure if a
KDC-REQ is internally inconsistent, specifically if the ASN.1 tag
doesn't match the msg_type field. Thanks to Emmanuel Bouillon (NATO
C3 Agency) for discovering and reporting this vulnerability.
ticket: 6662
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23725 dc483132-0cff-0310-8789-dd5450dbe970
|