sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code
3434758637
samba-mirror/source4/kdc/mit-kdb
History
Isaac Boukris 3434758637 Sign and verify PAC with ticket principal instead of canon principal 
With MIT library 1.18 the KDC no longer set
KRB5_KDB_FLAG_CANONICALIZE for enterprise principals which allows
us to not canonicalize them (like in Windows / Heimdal).

However, it now breaks the PAC signature verification as it was
wrongly done using canonical client rather than ticket client name.

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2020-03-10 13:02:27 +00:00
..
kdb_samba_change_pwd.c mit-kdb: Implement KDB function to change passwords 2016-03-17 04:32:29 +01:00
kdb_samba_common.c mit-kdb: Update KDB vtable for DAL version 6 2017-04-29 23:31:08 +02:00
kdb_samba_masterkey.c mit-kdb: Use calloc to initialize master keylists. 2016-03-17 04:32:29 +01:00
kdb_samba_pac.c mit-kdb: Fix NULL pointer check after malloc 2017-07-24 18:45:33 +02:00
kdb_samba_policies.c Sign and verify PAC with ticket principal instead of canon principal 2020-03-10 13:02:27 +00:00
kdb_samba_principals.c mit-kdb: support MIT Kerberos 1.16 KDB API changes 2018-01-19 01:36:22 +01:00
kdb_samba.c Adapt sign_authdata in our KDB module for krb5 v1.18 2020-03-10 13:02:27 +00:00
kdb_samba.h Adapt sign_authdata in our KDB module for krb5 v1.18 2020-03-10 13:02:27 +00:00
wscript_build mit-kdb: Implement KDB function to change passwords 2016-03-17 04:32:29 +01:00