Only check service key for cross realm PACs.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20265 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
@@ -1708,19 +1708,23 @@ server_lookup:
|
||||
}
|
||||
|
||||
/* check PAC if there is one */
|
||||
if (!cross_realm) {
|
||||
{
|
||||
Key *tkey;
|
||||
krb5_keyblock *tgtkey = NULL;
|
||||
|
||||
ret = hdb_enctype2key(context, &krbtgt->entry,
|
||||
krbtgt_etype, &tkey);
|
||||
if(ret) {
|
||||
kdc_log(context, config, 0,
|
||||
"Failed to find key for krbtgt PAC check");
|
||||
goto out;
|
||||
if (!cross_realm) {
|
||||
ret = hdb_enctype2key(context, &krbtgt->entry,
|
||||
krbtgt_etype, &tkey);
|
||||
if(ret) {
|
||||
kdc_log(context, config, 0,
|
||||
"Failed to find key for krbtgt PAC check");
|
||||
goto out;
|
||||
}
|
||||
tgtkey = &tkey->key;
|
||||
}
|
||||
|
||||
ret = check_PAC(context, config, client_principal,
|
||||
client, server, ekey, &tkey->key,
|
||||
client, server, ekey, tgtkey,
|
||||
tgt, &rspac, &require_signedpath);
|
||||
if (ret) {
|
||||
kdc_log(context, config, 0,
|
||||
|
Reference in New Issue
Block a user