Add message hash support to the replay interface, using extension

records (with an empty client string) to retain compatibility with old code. For rd_req, the ciphertext of the authenticator (with no ASN.1 wrapping) is hashed; for other uses of the replay cache, no message hash is used at this time. This commit adds a command-line tool for testing the replay cache but does not add any automated tests. ticket: 1201 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21723 dc483132-0cff-0310-8789-dd5450dbe970
author: Greg Hudson <ghudson@mit.edu> 2009-01-12 18:29:42 +0000
committer: Greg Hudson <ghudson@mit.edu> 2009-01-12 18:29:42 +0000
commit: 529e72785f09c36a9aa34fd7f3fc30fb41a1c92e (patch)
tree: f3eabb982f7d8eb8cedf54fa4389d8ccc99ebd19 /src/kdc
parent: 648e32a9034138369d52f9bb29d3d6293d5733e5 (diff)
download: krb5-529e72785f09c36a9aa34fd7f3fc30fb41a1c92e.tar.gz
krb5-529e72785f09c36a9aa34fd7f3fc30fb41a1c92e.tar.xz
krb5-529e72785f09c36a9aa34fd7f3fc30fb41a1c92e.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index c059216a11..8ea296940e 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -2396,6 +2396,7 @@ verify_sam_response(krb5_context context, krb5_db_entry *client,
 	/* Now check the replay cache. */
 	rep.client = princ_psr;
 	rep.server = "SAM/rc";  /* Should not match any principal name. */
+	rep.msghash = NULL;
 	rep.ctime = psr->stime;
 	rep.cusec = psr->susec;
 	retval = krb5_rc_store(kdc_context, kdc_rcache, &rep);
author	Greg Hudson <ghudson@mit.edu>	2009-01-12 18:29:42 +0000
committer	Greg Hudson <ghudson@mit.edu>	2009-01-12 18:29:42 +0000
commit	529e72785f09c36a9aa34fd7f3fc30fb41a1c92e (patch)
tree	f3eabb982f7d8eb8cedf54fa4389d8ccc99ebd19 /src/kdc
parent	648e32a9034138369d52f9bb29d3d6293d5733e5 (diff)
download	krb5-529e72785f09c36a9aa34fd7f3fc30fb41a1c92e.tar.gz krb5-529e72785f09c36a9aa34fd7f3fc30fb41a1c92e.tar.xz krb5-529e72785f09c36a9aa34fd7f3fc30fb41a1c92e.zip