Luke Howard f73f08eef1 kdc: ensure GSS-API pre-auth acceptor name is TGS ...

The target (acceptor) name for GSS-API pre-authentication should be the name of
the TGS, not the server name in the AS-REQ, as it is the KDC which is being
mutually authenticated. If the client is not requesting a TGT, they may differ.

2021-08-15 09:14:58 +10:00

8.2 KiB

Raw Blame History

View Raw