[Heimdal-source-changes] [heimdal/heimdal] c63414: kdc: use actual client princ for KRB5SignedPath
Luke Howard
noreply at github.com
Sön May 19 05:19:08 CEST 2019
Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: c634146b14be9746d70d6a448e9bb2dd6f518c44
https://github.com/heimdal/heimdal/commit/c634146b14be9746d70d6a448e9bb2dd6f518c44
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-18 (Sat, 18 May 2019)
Changed paths:
M kdc/kerberos5.c
M kdc/krb5tgs.c
Log Message:
-----------
kdc: use actual client princ for KRB5SignedPath
When generating KRB5SignedPath in the AS, use the reply client name rather than
the one from the request, so validation will work correctly in the TGS.
Commit: 8350f34a05ba2cbc1ead0214eb85352f8e7805ef
https://github.com/heimdal/heimdal/commit/8350f34a05ba2cbc1ead0214eb85352f8e7805ef
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-18 (Sat, 18 May 2019)
Changed paths:
M lib/krb5/init_creds.c
M lib/krb5/krb5_locl.h
M lib/krb5/pkinit.c
Log Message:
-----------
krb5: don't require krbtgt otherName match for Win2K
Merged from Apple branch: when the Win2K PKINIT compatibility option is set, do
not require krbtgt otherName to match when validating KDC certificate.
Commit: fd209c5dca89e599f24a853cc9e9a55dc2d04f4c
https://github.com/heimdal/heimdal/commit/fd209c5dca89e599f24a853cc9e9a55dc2d04f4c
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-18 (Sat, 18 May 2019)
Changed paths:
M lib/krb5/pkinit.c
Log Message:
-----------
krb5: set PKINIT_BTMM flag per Apple implementation
Commit: a7bb4504f2f3dfb276f8aa154858f46ed1063011
https://github.com/heimdal/heimdal/commit/a7bb4504f2f3dfb276f8aa154858f46ed1063011
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-18 (Sat, 18 May 2019)
Changed paths:
M kuser/klist.c
Log Message:
-----------
klist: display all known flags when listing tickets
Show transited-policy-checked, ok-as-delegate and anonymous flags when listing
credentials.
Compare: https://github.com/heimdal/heimdal/compare/b7fe0fb85a78...a7bb4504f2f3
More information about the Heimdal-source-changes
mailing list