Nicolas Williams ece456b028 krb5: Do not fail to rd_req if no AD-KDC-ISSUED ...

We reject tickets that have no AD-KDC-ISSUED(!).

This was reported by Samba.  The workaround they found was to set
check_pac = true in krb5.conf, as that clobbers the ret from
krb5_ticket_get_authorization_data_type() not having found an
AD-KDC-ISSUED element.

This was introduced in 1cede09a0b.

2023-01-05 17:57:36 -06:00

28 KiB

Raw Blame History

View Raw