4112f6fc79
Assists Samba to address CVE-2020-25719 This may be contary to RFC4120 3.3.3 at https://datatracker.ietf.org/doc/html/rfc4120/#section-3.3.3 (clearer in the GSS mechanism here: https://datatracker.ietf.org/doc/html/draft-swift-win2k-krb-user2user-03 ) as server-name is decribed as optional, however Windows AD and Samba both require that the server-name exist and be a valid SPN matching the provided TGT. The lookup of SPN -> entry ensures that the SPN the client thought it was connecting to was held by the target server. it could be the typical user principal, or a service principal, but needs to be checked for the client not to be fooled into connecting to the wrong service. Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=14873 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (Similar to Samba commit fd50fecbe99ae4fc63843c796d0a516731a1fe6a)
Heimdal
Heimdal is an implementation of:
- ASN.1/DER,
- PKIX, and
- Kerberos.
For information how to install see here.
There are man pages for most of the commands.
Bug reports and bugs are appreciated. Use GitHub issues.
For more information see the project homepage https://heimdal.software/heimdal/ or the mailing lists:
heimdal-announce@heimdal.software low-volume announcement heimdal-discuss@heimdal.software high-volume discussion
send mail to heimdal-announce-subscribe@heimdal.software and heimdal-discuss-subscribe@heimdal.software respectively to subscribe.
Build Status