hdb: add no-auth-data-reqd flag to HDB entry

Add a new flag, no-auth-data-reqd, to the HDB entry which indicates that a PAC should not be included on issued service tickets.
2021-12-23 13:24:10 +11:00
parent 317df4dbd4
commit 0165633964
7 changed files with 26 additions and 1 deletions
--- a/lib/hdb/hdb.asn1
+++ b/lib/hdb/hdb.asn1
@@ -54,6 +54,7 @@ HDBFlags ::= BIT STRING {
 	virtual-keys(20),		-- entry     stored; keys mostly derived
 	virtual(21),			-- entry not stored; keys always derived
 	synthetic(22),			-- entry not stored; for PKINIT
+	no-auth-data-reqd(23),		-- omit PAC from service tickets

 	force-canonicalize(30),		-- force the KDC to return the canonical
 					-- principal irrespective of the setting