oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kdc: support for GSS-API pre-authentication

Browse Source 
Add support for GSS-API pre-authentication to the KDC, using a simplified
variation of draft-perez-krb-wg-gss-preauth-02 that encodes GSS-API context
tokens directly in PADATA, and uses FX-COOKIE for state management.

More information on the protocol and implementation may be found in
lib/gssapi/preauth/README.md.
This commit is contained in:
Luke Howard
2021-07-29 12:56:10 +10:00
parent 15c82996a4
commit 49f3f5bd99
40 changed files with 3132 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
lib/gssapi/libgssapi-exports.def
View File

@@ -40,6 +40,7 @@ EXPORTS
gss_export_name
gss_export_name_composite
gss_export_sec_context
gss_get_instance
gss_get_mic
gss_get_neg_mechs
gss_get_name_attribute
@@ -122,6 +123,14 @@ EXPORTS
gsskrb5_set_send_to_kdc
gsskrb5_set_time_offset
krb5_gss_register_acceptor_identity
krb5_gss_set_init_creds
_krb5_gss_data_to_buffer
_krb5_gss_buffer_to_data
_krb5_gss_map_error
_krb5_gss_pa_parse_name
_krb5_gss_pa_unparse_name
_krb5_gss_pa_derive_key
; _gsskrb5cfx_ are really internal symbols, but export
; then now to make testing easier.