oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kdc: Add [kdc] params to control PA-ENC-TIMESTAMP

Browse Source
This commit is contained in:
Nicolas Williams
2021-12-08 21:22:09 -06:00
committed by Luke Howard
parent 717ad8b043
commit 660f875a34
4 changed files with 44 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
kdc/default_config.c
View File

@@ -100,6 +100,8 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
c->historical_anon_realm = FALSE;
c->strict_nametypes = FALSE;
c->trpolicy = TRPOLICY_ALWAYS_CHECK;
c->enable_armored_pa_enc_timestamp = TRUE;
c->enable_unarmored_pa_enc_timestamp = TRUE;
c->enable_pkinit = FALSE;
c->pkinit_princ_in_cert = TRUE;
c->pkinit_require_binding = TRUE;
@@ -251,6 +253,21 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
c->kdc_warn_pwexpire,
"kdc", "kdc_warn_pwexpire", NULL);
c->enable_armored_pa_enc_timestamp =
krb5_config_get_bool_default(context,
NULL,
c->enable_armored_pa_enc_timestamp,
"kdc",
"enable_armored_pa_enc_timestamp",
NULL);
c->enable_unarmored_pa_enc_timestamp =
krb5_config_get_bool_default(context,
NULL,
c->enable_unarmored_pa_enc_timestamp,
"kdc",
"enable_unarmored_pa_enc_timestamp",
NULL);
c->enable_pkinit =
krb5_config_get_bool_default(context,