summaryrefslogtreecommitdiffstats
path: root/src/include
diff options
context:
space:
mode:
authorGreg Hudson <ghudson@mit.edu>2010-10-01 03:45:43 +0000
committerGreg Hudson <ghudson@mit.edu>2010-10-01 03:45:43 +0000
commitbb441175c30679eb913a839b87478b96923bbaae (patch)
tree768dac7e21addb64aada458af4d5e54d51982cf1 /src/include
parent3e668d20274d528775f7d9c10caff946c10760e2 (diff)
downloadkrb5-bb441175c30679eb913a839b87478b96923bbaae.tar.gz
krb5-bb441175c30679eb913a839b87478b96923bbaae.tar.xz
krb5-bb441175c30679eb913a839b87478b96923bbaae.zip
GSSAPI forwarded credentials must be encrypted in session key
When IAKERB support was added, the krb5_mk_req checksum function gained access to the send subkey. This caused GSSAPI forwarded credentials to be encrypted in the subkey, which violates RFC 4121 section 4.1.1 and is not accepted by Microsoft's implementation. Temporarily null out the send subkey in the auth context so that krb5_mk_ncred uses the session key instead. ticket: 6768 target_version: 1.8.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24399 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/include')
0 files changed, 0 insertions, 0 deletions
generated by cgit (git 2.34.1) at 2026-01-10 07:00:26 +0000