oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kdc: remove KRB5SignedPath, to be replaced with PAC

Browse Source 
KRB5SignedPath was a Heimdal-specific authorization data element used to
protect the authenticity of evidence tickets when used in constrained
delegation (without a Windows PAC).

Remove this, to be replaced with the Windows PAC which itself now supports
signing the entire ticket in the TGS key.
This commit is contained in:
Isaac Boukris
2020-12-28 22:07:10 +02:00
committed by Luke Howard
parent 544515931b
commit bb1d8f2a8c
5 changed files with 1 additions and 357 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tests/kdc/check-kdc.in
View File

@@ -903,7 +903,7 @@ ${kimpersonate} -s ${ps} -c bar@${R} -t ${aesenctype} || \
${kgetcred} --out-cache=${o2cache} --delegation-credential-cache=${ocache} ${server}@${R} > /dev/null 2>/dev/null && \
{ ec=1 ; eval "${testfailed}"; }
echo "test constrained delegation impersonation (missing KRB5SignedPath)"; > messages.log
echo "test constrained delegation impersonation (missing PAC)"; > messages.log
rm -f ocache.krb5
${kimpersonate} -s ${ps} -c bar@${R} -t ${aesenctype} -f forwardable || \
{ ec=1 ; eval "${testfailed}"; }