oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kdc: move more name canonicalization logic to KDC

Browse Source 
Enterprise principal client names in AS-REQs should always be canonicalized
irrespective of the setting the canonicalize KDC option. Perform this check in
the KDC rather than HDB.

Do not set the HDB_F_GET_KRBTGT flag unless the client actually requested a TGS
principal.
This commit is contained in:
Luke Howard
2019-01-05 15:36:50 +11:00
parent c6232299c3
commit 1b7e196e66
2 changed files with 25 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/hdb/common.c
View File

@@ -119,7 +119,6 @@ _hdb_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal principal,
if (ret)
return ret;
principal = enterprise_principal;
flags |= HDB_F_CANON; /* enterprise implies canonicalization */
}
hdb_principal2key(context, principal, &key);