oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kdc: honor PAC_ATTRIBUTES in presented TGT

Browse Source 
PACs are included when issuing TGTs, if there is no PAC_ATTRIBUTES buffer
(legacy behavior) or if the attributes buffer indicates the AS client requested
one.
This commit is contained in:
Luke Howard
2021-12-22 17:13:13 +11:00
parent b4f3617964
commit f18c9e06a8
5 changed files with 66 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
tests/kdc/check-kdc.in
View File

@@ -511,6 +511,20 @@ for a in $enctypes; do
done
${kdestroy}
echo "Getting client initial tickets without PAC"; > messages.log
${kinit} --no-request-pac --password-file=${objdir}/foopassword foo@$R || \
{ ec=1 ; eval "${testfailed}"; }
for a in $enctypes; do
echo "Getting tickets ($a)"; > messages.log
${kgetcred} -e $a ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
${test_ap_req} ${server}@${R} ${keytab} ${cache} && \
{ ec=1 ; eval "${testfailed}"; }
${test_ap_req} --no-verify-pac ${server}@${R} ${keytab} ${cache} || \
{ ec=1 ; eval "${testfailed}"; }
${kdestroy} --credential=${server}@${R}
done
${kdestroy}
echo "Getting client authenticated anonymous initial tickets"; > messages.log
${kinit} -n --password-file=${objdir}/foopassword foo@$R || \
{ ec=1 ; eval "${testfailed}"; }