authorGreg Hudson <ghudson@mit.edu>2010-12-01 20:01:46 +0000
committerGreg Hudson <ghudson@mit.edu>2010-12-01 20:01:46 +0000
commit9479352bf9c570659ebdc40561ac81a7eb292b08 (patch)
tree3a4fc5078619402e8aba1386d2a99f58a207efc2 /src/kdc/extern.h
parentcdd631f3ec5c02f9c2983f459f944577a5a0c3e2 (diff)
Implement restrict_anonymous_to_tgt realm flag
Implement a new realm flag to reject ticket requests from anonymous principals to any principal other than the local TGT. This allows FAST to be deployed using anonymous tickets as armor in realms where the set of authenticatable users must be constrained.

ticket: 6829
target_version: 1.9
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24547 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/extern.h')
-rw-r--r--src/kdc/extern.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/kdc/extern.h b/src/kdc/extern.h
index 24bad20a5..236e5ccd9 100644
--- a/src/kdc/extern.h
+++ b/src/kdc/extern.h
@@ -74,6 +74,7 @@ typedef struct __kdc_realm_data {
krb5_deltat realm_maxlife; /* Maximum ticket life for realm */
krb5_deltat realm_maxrlife; /* Maximum renewable life for realm */
krb5_boolean realm_reject_bad_transit; /* Accept unverifiable transited_realm ? */
+ krb5_boolean realm_restrict_anon; /* Anon to local TGT only */
} kdc_realm_t;
extern kdc_realm_t **kdc_realmlist;
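Review bot: The comment on the new `realm_restrict_anon` member is too terse for a field that gates an authorization decision; it does not say which value restricts or what is rejected. I would write it as `/* If true, reject requests from anonymous principals for any server other than the local TGT */`. This view is limited to extern.h, so the code that initialises the field from the realm configuration and the code that enforces it are not visible; it is worth confirming in those files that the field is always set explicitly and that the check is applied on every request path that can issue a ticket to an anonymous client. The struct definition starts outside the hunk.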
@@ -95,6 +96,7 @@ kdc_realm_t *find_realm_data (char *, krb5_ui_4);
#define master_princ kdc_active_realm->realm_mprinc
#define tgs_server kdc_active_realm->realm_tgsprinc
#define reject_bad_transit kdc_active_realm->realm_reject_bad_transit
+#define restrict_anon kdc_active_realm->realm_restrict_anon
/* various externs for KDC */
extern krb5_data empty_string; /* an empty string */
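Review bot: The new `restrict_anon` macro reads through `kdc_active_realm`, so the policy it returns is only meaningful once the active realm has been selected for the request being processed, and nothing at the definition says so. A one-line comment above the accessor group would help, for example `/* These accessors are valid only after kdc_active_realm has been set for the current request */`. As a style point, a short lowercase object-like macro will also rewrite any local variable or struct member named `restrict_anon` in every file that includes this header; it matches the existing `reject_bad_transit` convention, but callers adding the enforcement check should be aware of it.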