Add support for user principal names in certificates [HEIMDAL-602]
This extends the PKINIT code in Heimdal to ask the HDB layer if the User Principal Name name in the certificate is an alias (perhaps just by case change) of the name given in the AS-REQ. (This was a TODO in the Heimdal KDC) The testsuite is extended to test this behaviour, and the other PKINIT certficate (using the standard method to specify a principal name in a certificate) is updated to use a Administrator (not administrator). (This fixes the kinit test).
This commit is contained in:
Andrew Bartlett
committed by
Love Hornquist Astrand
Love Hornquist Astrand
parent
147184381e
commit
f8c121b282
@@ -1053,6 +1053,7 @@ _kdc_as_rep(krb5_context context,
|
||||
|
||||
ret = _kdc_pk_check_client(context,
|
||||
config,
|
||||
clientdb,
|
||||
client,
|
||||
pkp,
|
||||
&client_cert);
|
||||
|
||||
Reference in New Issue
Block a user