diff options
| author | Sam Hartman <hartmans@mit.edu> | 2009-01-03 23:20:35 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 2009-01-03 23:20:35 +0000 |
| commit | 02351224e88fa4fa560a8a6073664cbcdfd73b62 (patch) | |
| tree | 32264f8643d576247d92ea249e2dfd25493385a8 | |
| parent | 5bfe3caf46dcc046b66066421ee0a9e9fbc076e3 (diff) | |
| download | krb5-02351224e88fa4fa560a8a6073664cbcdfd73b62.tar.gz krb5-02351224e88fa4fa560a8a6073664cbcdfd73b62.tar.xz krb5-02351224e88fa4fa560a8a6073664cbcdfd73b62.zip | |
Remove support for setting a client flag indicating pkinit is used on the db entry.
I'm reasonably sure that this would belong in a pkinit plugin not in do_as_req.c.
Also, the flag should be documented to indicate what it means--client attempted pkinit? Client succeeded in using pkinit?
I also wonder whether you want a mechanism for a db plugin to figure out all the padata or fast factors that a request is using.
Note that this flag will need to be added back by at least one vendor.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21694 dc483132-0cff-0310-8789-dd5450dbe970
| -rw-r--r-- | src/kdc/do_as_req.c | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 36b550250..12d645980 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -508,9 +508,6 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, goto errout; } - if (find_pa_data(reply.padata, KRB5_PADATA_PK_AS_REP)) - c_flags |= KRB5_KDB_FLAG_PKINIT; - errcode = handle_authdata(kdc_context, c_flags, &client, |