Luke Howard 63557427e0
kdc: allow anonymous AS requests with long-term keys ...
RFC8062 section 4.1 allows clients with long-term KDC keys to set the anonymous
flag; in this case their identity is authenticated but the returned ticket
contains the anonymous principal name as the client name.
kdc: allow authenticated anonymous PKINIT
The KDC PKINIT code conflated the checks for authenticated and unauthenticated
anonymous by only looking at the anonymous KDC request option.
2019-05-14 15:16:19 -04:00
2011-07-24 13:07:07 -07:00
2016-12-06 22:44:23 -06:00
2017-10-30 18:39:23 -04:00
2016-11-14 21:29:47 -06:00
2018-05-13 15:31:13 +10:00
2016-02-26 01:04:31 -06:00
2017-12-05 19:01:04 -05:00
2016-01-20 15:03:30 -06:00
2010-08-20 13:06:54 -04:00
2011-05-21 11:57:31 -07:00
2013-10-15 12:40:39 +02:00
2013-10-15 12:40:39 +02:00
2010-08-20 13:06:54 -04:00
2011-05-21 11:57:31 -07:00
2017-04-29 01:05:59 -04:00
2016-12-06 22:44:23 -06:00
2012-02-20 19:45:41 +00:00
2016-06-09 01:13:14 -04:00
2010-08-20 13:06:54 -04:00
2014-04-28 01:02:45 +02:00
2016-11-14 21:29:47 -06:00
2019-05-14 15:16:19 -04:00
2019-01-07 16:33:08 +11:00
2010-08-20 13:06:54 -04:00
2011-05-21 11:57:31 -07:00
2018-12-30 15:39:49 -06:00
2017-01-27 00:37:08 -05:00
2019-01-05 10:48:04 +11:00
2010-08-20 13:06:54 -04:00
2011-11-28 14:42:06 -06:00
2016-12-19 19:10:49 -05:00
2016-05-14 22:28:25 +12:00
2016-11-14 21:29:47 -06:00
2017-10-11 17:13:07 -05:00
2016-04-15 00:16:17 -05:00
2016-04-17 17:10:08 -05:00
2019-05-14 15:16:19 -04:00
2014-08-23 18:54:05 -07:00
2008-09-13 09:21:03 +00:00
2011-05-21 11:57:31 -07:00
2010-08-20 13:06:54 -04:00
2011-05-21 11:57:31 -07:00
2013-06-28 08:40:49 +02:00
2019-01-05 10:48:04 +11:00
2011-07-24 20:24:35 -07:00
2019-01-14 06:12:36 -05:00
63557427e0