heimdal

oysteikt/heimdal

Fork 0

Commit Graph

Author	SHA1	Message	Date
Luke Howard	f73f08eef1	kdc: ensure GSS-API pre-auth acceptor name is TGS The target (acceptor) name for GSS-API pre-authentication should be the name of the TGS, not the server name in the AS-REQ, as it is the KDC which is being mutually authenticated. If the client is not requesting a TGT, they may differ.	2021-08-15 09:14:58 +10:00
Luke Howard	49f3f5bd99	kdc: support for GSS-API pre-authentication Add support for GSS-API pre-authentication to the KDC, using a simplified variation of draft-perez-krb-wg-gss-preauth-02 that encodes GSS-API context tokens directly in PADATA, and uses FX-COOKIE for state management. More information on the protocol and implementation may be found in lib/gssapi/preauth/README.md.	2021-08-12 17:37:01 +10:00

Author

SHA1

Message

Date

Luke Howard

f73f08eef1

kdc: ensure GSS-API pre-auth acceptor name is TGS

The target (acceptor) name for GSS-API pre-authentication should be the name of
the TGS, not the server name in the AS-REQ, as it is the KDC which is being
mutually authenticated. If the client is not requesting a TGT, they may differ.

2021-08-15 09:14:58 +10:00

Luke Howard

49f3f5bd99

kdc: support for GSS-API pre-authentication

Add support for GSS-API pre-authentication to the KDC, using a simplified
variation of draft-perez-krb-wg-gss-preauth-02 that encodes GSS-API context
tokens directly in PADATA, and uses FX-COOKIE for state management.

More information on the protocol and implementation may be found in
lib/gssapi/preauth/README.md.

2021-08-12 17:37:01 +10:00

2 Commits