[Heimdal-source-changes] [heimdal/heimdal] c62322: kdc: perform AS-REQ canonicalization in kdc
GitHub
noreply at github.com
Sat Jan 5 05:51:13 CET 2019
Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: c6232299c3b2831d5d8ecf701fcd286ae509fba8
https://github.com/heimdal/heimdal/commit/c6232299c3b2831d5d8ecf701fcd286ae509fba8
Author: Luke Howard <lukeh at padl.com>
Date: 2019-01-05 (Sat, 05 Jan 2019)
Changed paths:
M kdc/kerberos5.c
M lib/hdb/common.c
Log Message:
-----------
kdc: perform AS-REQ canonicalization in kdc
Mirroring the logic recently introduced in the TGS, this patch modifies the KDC
to perform client and server canonicalization itself rather than relying on the
backend to do so. Per RFC 6806, the behavior is slightly different for the AS
in that the setting of the canonicalize flag in the AS-REQ does impact the
returned names in the ticket. In order to support realm canonicalization or
other custom behavior, we allow the backend to force the KDC to canonicalize by
setting the force-canonicalize flag in the returned client or server entries.
Commit: 1b7e196e6608816d18ed81c6fff0383263877478
https://github.com/heimdal/heimdal/commit/1b7e196e6608816d18ed81c6fff0383263877478
Author: Luke Howard <lukeh at padl.com>
Date: 2019-01-05 (Sat, 05 Jan 2019)
Changed paths:
M kdc/kerberos5.c
M lib/hdb/common.c
Log Message:
-----------
kdc: move more name canonicalization logic to KDC
Enterprise principal client names in AS-REQs should always be canonicalized
irrespective of the setting the canonicalize KDC option. Perform this check in
the KDC rather than HDB.
Do not set the HDB_F_GET_KRBTGT flag unless the client actually requested a TGS
principal.
Compare: https://github.com/heimdal/heimdal/compare/6bb8eaca2052...1b7e196e6608
**NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.
More information about the Heimdal-source-changes
mailing list