krb5.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Kevin Wasserman <kevin.wasserman@painless-security.com>	2012-05-14 12:14:20 -0400
committer	Ben Kaduk <kaduk@mit.edu>	2012-08-24 12:23:05 -0400
commit	8020c64554dd25a4f09df8a28dca924c6ecb5608 (patch)
tree	47a6e031fb6621fdcd60890981068ade4a20966f /src/windows/leash
parent	9bc411e72fce5bed3ed00ae5b09f8c239309bae0 (diff)
download	krb5-8020c64554dd25a4f09df8a28dca924c6ecb5608.tar.gz krb5-8020c64554dd25a4f09df8a28dca924c6ecb5608.tar.xz krb5-8020c64554dd25a4f09df8a28dca924c6ecb5608.zip

Do not be over-restrictive in the presence of UAC

We used to explicitly check if a process was UAC-limited and deny all access to the TGT in that case; however, this makes the MSLSA cache effectively useless. Do not try to outsmart UAC, and let it do its own checking -- this allows UAC-limited access to the MSLSA ccache, which should mean read-write access to service tickets, and write-only access to the TGT. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> [kaduk@mit.edu: delete instead of comment out, move comment.] ticket: 7254 (new) queue: kfw target_version: 1.10.4 tags: pullup

Diffstat (limited to 'src/windows/leash')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: