[Heimdal-source-changes] [heimdal/heimdal] c63414: kdc: use actual client princ for KRB5SignedPath

Luke Howard noreply at github.com
Sön May 19 05:19:08 CEST 2019 

  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal
  Commit: c634146b14be9746d70d6a448e9bb2dd6f518c44
      https://github.com/heimdal/heimdal/commit/c634146b14be9746d70d6a448e9bb2dd6f518c44
  Author: Luke Howard <lukeh at padl.com>
  Date:   2019-05-18 (Sat, 18 May 2019)

  Changed paths:
    M kdc/kerberos5.c
    M kdc/krb5tgs.c

  Log Message:
  -----------
  kdc: use actual client princ for KRB5SignedPath

When generating KRB5SignedPath in the AS, use the reply client name rather than
the one from the request, so validation will work correctly in the TGS.


  Commit: 8350f34a05ba2cbc1ead0214eb85352f8e7805ef
      https://github.com/heimdal/heimdal/commit/8350f34a05ba2cbc1ead0214eb85352f8e7805ef
  Author: Luke Howard <lukeh at padl.com>
  Date:   2019-05-18 (Sat, 18 May 2019)

  Changed paths:
    M lib/krb5/init_creds.c
    M lib/krb5/krb5_locl.h
    M lib/krb5/pkinit.c

  Log Message:
  -----------
  krb5: don't require krbtgt otherName match for Win2K

Merged from Apple branch: when the Win2K PKINIT compatibility option is set, do
not require krbtgt otherName to match when validating KDC certificate.


  Commit: fd209c5dca89e599f24a853cc9e9a55dc2d04f4c
      https://github.com/heimdal/heimdal/commit/fd209c5dca89e599f24a853cc9e9a55dc2d04f4c
  Author: Luke Howard <lukeh at padl.com>
  Date:   2019-05-18 (Sat, 18 May 2019)

  Changed paths:
    M lib/krb5/pkinit.c

  Log Message:
  -----------
  krb5: set PKINIT_BTMM flag per Apple implementation


  Commit: a7bb4504f2f3dfb276f8aa154858f46ed1063011
      https://github.com/heimdal/heimdal/commit/a7bb4504f2f3dfb276f8aa154858f46ed1063011
  Author: Luke Howard <lukeh at padl.com>
  Date:   2019-05-18 (Sat, 18 May 2019)

  Changed paths:
    M kuser/klist.c

  Log Message:
  -----------
  klist: display all known flags when listing tickets

Show transited-policy-checked, ok-as-delegate and anonymous flags when listing
credentials.


Compare: https://github.com/heimdal/heimdal/compare/b7fe0fb85a78...a7bb4504f2f3

More information about the Heimdal-source-changes mailing list