[Heimdal-source-changes] [heimdal/heimdal] 86554f: Use correct value for anonymous flags
GitHub
noreply at github.com
Sat Aug 23 06:35:22 CEST 2014
Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: 86554f5a7f81da1efa2849fa6961ca71ad3b8e90
https://github.com/heimdal/heimdal/commit/86554f5a7f81da1efa2849fa6961ca71ad3b8e90
Author: Chaskiel Grundman <cg2v at andrew.cmu.edu>
Date: 2014-07-02 (Wed, 02 Jul 2014)
Changed paths:
M lib/asn1/krb5.asn1
Log Message:
-----------
Use correct value for anonymous flags
The KDC Option and Ticket Flag for the anonymous extension were changed
from 14 to 16 due to a conflict with S4U2Proxy in version 11 of the anonymous
draft (now RFC6112). Fix the definitions.
Commit: 5f2a93f5ca529bc38c465fe2d3eed22e8a4b9722
https://github.com/heimdal/heimdal/commit/5f2a93f5ca529bc38c465fe2d3eed22e8a4b9722
Author: Chaskiel Grundman <cg2v at andrew.cmu.edu>
Date: 2014-07-03 (Thu, 03 Jul 2014)
Changed paths:
M kdc/kerberos5.c
M kdc/pkinit.c
Log Message:
-----------
Recognize anonymous AS requests using bit 14
Check KDC Option bit 14 in addition to 16 when identifying anonymous
AS-REQs. This provides compatibility with older Heimdal releases.
Commit: bf7f31ee0959c20365b68b71540a66df005ba168
https://github.com/heimdal/heimdal/commit/bf7f31ee0959c20365b68b71540a66df005ba168
Author: Chaskiel Grundman <cg2v at andrew.cmu.edu>
Date: 2014-07-03 (Thu, 03 Jul 2014)
Changed paths:
M kdc/kerberos5.c
Log Message:
-----------
Include empty PKINIT-KX padata
RFC6112 requires KDCs implementing anonymous PKINIT to include an
empty PKINIT-KX padata in PREAUTH_REQUIRED messages.
Including this improves compatibility with MIT Kerberos.
Commit: c2e2de7384c410c240cb54dc3637e2eb9e510ae6
https://github.com/heimdal/heimdal/commit/c2e2de7384c410c240cb54dc3637e2eb9e510ae6
Author: Chaskiel Grundman <cg2v at andrew.cmu.edu>
Date: 2014-07-03 (Thu, 03 Jul 2014)
Changed paths:
M kdc/pkinit.c
Log Message:
-----------
When using PKINIT with DH, compute session key
RFC6112 provides a method of computing a session key when the PKINIT DH
is used, and mandates it for anonymous PKINIT. The session key is computed
using KRB-FX-CF2 from the reply key and a random key chosen by the KDC.
The random key is provided to the client, which is supposed to verify
that the session key was computed this way.
Commit: f3789f8cc5b8f047a977754109966e0182e4b061
https://github.com/heimdal/heimdal/commit/f3789f8cc5b8f047a977754109966e0182e4b061
Author: Chaskiel Grundman <cg2v at andrew.cmu.edu>
Date: 2014-07-06 (Sun, 06 Jul 2014)
Changed paths:
M kdc/kerberos5.c
Log Message:
-----------
Document logic in _krb5_is_anon_request
Describe why we look at the different bits and fields.
Commit: f07ee072883ffa4015abb671ea15d585539992b8
https://github.com/heimdal/heimdal/commit/f07ee072883ffa4015abb671ea15d585539992b8
Author: Chaskiel Grundman <cg2v at andrew.cmu.edu>
Date: 2014-07-07 (Mon, 07 Jul 2014)
Changed paths:
M kdc/kerberos5.c
Log Message:
-----------
Use anon realm for anonymous PKINIT
When an AS request names the anonymous principal, use the anonymous
realm in the response and ticket.
Commit: 4569c07522ba54a5dff339ef4178a55821e7cfdf
https://github.com/heimdal/heimdal/commit/4569c07522ba54a5dff339ef4178a55821e7cfdf
Author: Love Hörnquist Åstrand <lha at h5l.org>
Date: 2014-08-22 (Fri, 22 Aug 2014)
Changed paths:
M kdc/kerberos5.c
M kdc/pkinit.c
M lib/asn1/krb5.asn1
Log Message:
-----------
Merge pull request #110 from cg2v/anonymous-pkinit
Anonymous pkinit improvements
Compare: https://github.com/heimdal/heimdal/compare/42d4c2b44b93...4569c07522ba
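The bit 14 / bit 16 handling described in the first two commit messages, as an added example (not code from these Heimdal commits): it classifies a request's KDC options so the legacy bit-14 path stays distinguishable from the RFC 6112 one. All names are hypothetical, and the rule that bit 14 counts as anonymous only when no additional tickets are present is an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* KerberosFlags number bits from the most significant bit of the first octet. */
#define KRB_FLAG(n)      (UINT32_C(1) << (31 - (n)))
#define OPT_ANON_RFC6112 KRB_FLAG(16) /* anonymous option, RFC 6112 value */
#define OPT_BIT14        KRB_FLAG(14) /* pre-RFC anonymous value, also used by S4U2Proxy */

enum anon_class { NOT_ANON = 0, ANON_RFC6112 = 1, ANON_LEGACY_BIT14 = 2 };

/* Load the first four flag octets of a KDCOptions BIT STRING (wire order). */
static int load_kdc_options(const uint8_t *p, size_t len, uint32_t *out)
{
    if (p == NULL || out == NULL || len < 4)
        return -1; /* reject short or missing flag fields */
    *out = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    return 0;
}

/* Assumption of this example: bit 14 counts as anonymous only when the
 * request carries no additional tickets, since S4U2Proxy requests do. */
static enum anon_class classify_request(uint32_t opts, size_t n_additional_tickets)
{
    if (opts & OPT_ANON_RFC6112)
        return ANON_RFC6112;
    if ((opts & OPT_BIT14) && n_additional_tickets == 0)
        return ANON_LEGACY_BIT14;
    return NOT_ANON;
}

int main(void)
{
    /* Constructed sample flag octets, not captured traffic. */
    static const uint8_t samples[3][4] = {
        { 0x40, 0x00, 0x80, 0x00 }, /* forwardable + bit 16 */
        { 0x00, 0x02, 0x00, 0x00 }, /* bit 14 only */
        { 0x40, 0x00, 0x00, 0x00 }, /* forwardable only */
    };
    for (size_t i = 0; i < 3; i++) {
        uint32_t opts;
        if (load_kdc_options(samples[i], sizeof samples[i], &opts) != 0)
            return 1;
        printf("0x%08x no-tickets=%d with-ticket=%d\n", (unsigned)opts,
               classify_request(opts, 0), classify_request(opts, 1));
    }
    return 0;
}
```

Returning a distinct value for the legacy path lets a KDC operator count how many clients still send bit 14 before dropping the compatibility check.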