[Heimdal-source-changes] [heimdal/heimdal] d6337e: Export krb5_crypto_prfplus() from libkrb5
Roland C. Dowdeswell
noreply at github.com
Wed Sep 18 22:20:49 CEST 2019
Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: d6337ebdcead7f3ef5df39323924d2026342b59e
https://github.com/heimdal/heimdal/commit/d6337ebdcead7f3ef5df39323924d2026342b59e
Author: Roland C. Dowdeswell <roland.dowdeswell at twosigma.com>
Date: 2019-09-18 (Wed, 18 Sep 2019)
Changed paths:
M lib/krb5/crypto.c
M lib/krb5/libkrb5-exports.def.in
M lib/krb5/version-script.map
Log Message:
-----------
Export krb5_crypto_prfplus() from libkrb5
Commit: 366b787917f1ba0d5b38b79d4626e83d8b1b8b93
https://github.com/heimdal/heimdal/commit/366b787917f1ba0d5b38b79d4626e83d8b1b8b93
Author: Roland C. Dowdeswell <roland.dowdeswell at twosigma.com>
Date: 2019-09-18 (Wed, 18 Sep 2019)
Changed paths:
M kdc/default_config.c
M kdc/kdc.h
M kdc/misc.c
Log Message:
-----------
We provide a "derived key" mechanism to allow wildcard princs

In order to support certain use cases, we implement a mechanism to
allow wildcard principals to be defined and for the KDC to issue
tickets for said principals by deriving a key for them from a
cluster master entry in the HDB.

The way that this works is we defined an entry of the form:

    WELLKNOWN/DERIVED-KEY/KRB5-CRYPTO-PRFPLUS/<hostname>@REALM

When reading from the Kerberos DB, if we can't find an entry for
what looks like a hostbased principal, then we will attempt to
search for a principal of the above form chopping name components
off the front as we search.

If we find an entry, then we derive keys for it by using
krb5_crypto_prfplus() with the entry's key and the principal name
of the request.
Compare: https://github.com/heimdal/heimdal/compare/20557e2255c8...366b787917f1
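
The lookup order and per-principal derivation described in the second log message, as an added sketch that is not code from Heimdal or from this commit. Assumptions: "name components" are the dot-separated labels of the hostname, the search starts with the full hostname, the derivation follows the RFC 6113 PRF+ construction with HMAC-SHA256 standing in for the enctype's PRF, the request's principal name string is the PRF+ input, and the dictionary database and its keys are constructed.

```python
import hashlib
import hmac

PREFIX = "WELLKNOWN/DERIVED-KEY/KRB5-CRYPTO-PRFPLUS/"  # entry form from the log message

def wildcard_candidates(principal):
    """Wildcard entries to try for service/host@REALM, most specific first."""
    name, _, realm = principal.rpartition("@")
    comps = name.split("/")
    # Heuristic assumed here for "looks like a hostbased principal".
    if len(comps) != 2 or "." not in comps[1]:
        return []
    labels = comps[1].split(".")
    # Chop labels off the front: a.b.example.com, b.example.com, example.com, ...
    return [f"{PREFIX}{'.'.join(labels[i:])}@{realm}" for i in range(len(labels))]

def prf_plus(key, pepper, length):
    """RFC 6113 style PRF+: PRF(key, n || pepper) for n = 1, 2, ... concatenated.
    HMAC-SHA256 is a stand-in for the enctype's PRF (assumption)."""
    out = b""
    n = 1  # one-octet counter, starts at 1
    while len(out) < length:
        out += hmac.new(key, bytes([n]) + pepper, hashlib.sha256).digest()
        n += 1
    return out[:length]

def fetch_key(hdb, principal, length=32):
    """Return (matched_entry, key): stored key on an exact match,
    otherwise a key derived from the first wildcard entry found."""
    if principal in hdb:
        return principal, hdb[principal]
    for cand in wildcard_candidates(principal):
        if cand in hdb:
            return cand, prf_plus(hdb[cand], principal.encode(), length)
    return None, None

# Constructed sample database: one ordinary entry, one cluster master entry.
SAMPLE_HDB = {
    "host/db1.example.com@EXAMPLE.COM": bytes(range(32)),
    PREFIX + "cluster.example.com@EXAMPLE.COM": b"\x11" * 32,
}
```

Every principal under the wildcard gets a distinct key, but all of them are computable from the one cluster master entry, so that entry's key needs the same protection as every key derived from it.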