[Heimdal-source-changes] [heimdal/heimdal] ec39b8: kdc: fix kx509 service principal match
GitHub
noreply at github.com
Fre Jan 27 06:37:26 CET 2017
Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: ec39b832ff3921c6a38ac0a63c3cdb7e9b1a9c3c
https://github.com/heimdal/heimdal/commit/ec39b832ff3921c6a38ac0a63c3cdb7e9b1a9c3c
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: 2017-01-27 (Fri, 27 Jan 2017)
Changed paths:
M kdc/kx509.c
M lib/krb5/principal.c
Log Message:
-----------
kdc: fix kx509 service principal match
Each KDC is a kx509 server. The service principal must be of the
form
kca_service/<localhost.domain>@<DEFAULT_REALM>
where localhost.domain is the hostname returned by gethostname()
and <DEFAULT_REALM> is one of the realms for which the KDC has a service
principal "kca_service/<localhost.domain>".
The matching code was broken by a5e77c578e2719d3e7e2e1d8c8ec117ac925fc62
when krb5_sname_to_principal() began to always return a referral
principal.
Since the second component is a host name update the default principal
type for service "kca_service" to be KRB5_NT_SRV_HST.
Change-Id: I6bd5f90b674ebb7220d8efafa6d339fdc21e1a07
Commit: ae432b0264316dd6734c1386a391d5d28fa5535a
https://github.com/heimdal/heimdal/commit/ae432b0264316dd6734c1386a391d5d28fa5535a
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: 2017-01-27 (Fri, 27 Jan 2017)
Changed paths:
M windows/NTMakefile.config
Log Message:
-----------
Windows: include KX509 support
Change-Id: I6e7920d1ad2c58640c9a2d4ec10793024ae949c2
Compare: https://github.com/heimdal/heimdal/compare/656e4c4f42bc...ae432b026431
More information about the Heimdal-source-changes
mailing list