diff options
author | Kevin Wasserman <kevin.wasserman@painless-security.com> | 2012-05-14 12:14:20 -0400 |
---|---|---|
committer | Ben Kaduk <kaduk@mit.edu> | 2012-08-24 12:23:05 -0400 |
commit | 8020c64554dd25a4f09df8a28dca924c6ecb5608 (patch) | |
tree | 47a6e031fb6621fdcd60890981068ade4a20966f /src/windows/leash | |
parent | 9bc411e72fce5bed3ed00ae5b09f8c239309bae0 (diff) | |
download | krb5-8020c64554dd25a4f09df8a28dca924c6ecb5608.tar.gz krb5-8020c64554dd25a4f09df8a28dca924c6ecb5608.tar.xz krb5-8020c64554dd25a4f09df8a28dca924c6ecb5608.zip |
Do not be over-restrictive in the presence of UAC
We used to explicitly check if a process was UAC-limited and deny all
access to the TGT in that case; however, this makes the MSLSA cache
effectively useless.
Do not try to outsmart UAC, and let it do its own checking -- this allows
UAC-limited access to the MSLSA ccache, which should mean read-write
access to service tickets, and write-only access to the TGT.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[kaduk@mit.edu: delete instead of comment out, move comment.]
ticket: 7254 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
Diffstat (limited to 'src/windows/leash')
0 files changed, 0 insertions, 0 deletions