diff options
| author | Sam Hartman <hartmans@mit.edu> | 2003-03-17 01:03:11 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 2003-03-17 01:03:11 +0000 |
| commit | eeefea9966e50bf16af6e2df9e8b74d892598bef (patch) | |
| tree | a90a9b3603e6fec48c0b7febcb26e0c83e01752f /src/lib/kdb/ChangeLog | |
| parent | 1b190c9ac0a47f4dbd8db4a2e191758fc8d030f7 (diff) | |
| download | krb5-eeefea9966e50bf16af6e2df9e8b74d892598bef.tar.gz krb5-eeefea9966e50bf16af6e2df9e8b74d892598bef.tar.xz krb5-eeefea9966e50bf16af6e2df9e8b74d892598bef.zip | |
Disable krb4 cross-realm in krb524d and krb5kdc. Provide an option to
reenable (-X) which prints a warning that you are creating a security
hole.
Remove support for generating krb4 tickets encrypted using 3DES
service keys as it is insecure. They are still accepted however.
The KDc is much more strict about accepting only tickets that it would
have issued in the current configuration. In particular if the KDC
would choose some enctype for writing a TGT, other enctypes will not
be accepted when using a TGT.
Ticket: 1385
Target_Version: 1.3
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15286 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/kdb/ChangeLog')
| -rw-r--r-- | src/lib/kdb/ChangeLog | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/lib/kdb/ChangeLog b/src/lib/kdb/ChangeLog index d685be6d9..4592b4c19 100644 --- a/src/lib/kdb/ChangeLog +++ b/src/lib/kdb/ChangeLog @@ -1,3 +1,11 @@ +2003-03-16 Sam Hartman <hartmans@mit.edu> + + * keytab.c (krb5_ktkdb_get_entry): Match only against the first + enctype for non-cross-realm tickets so we will only accept + tickets that the current configuration would have issued. For + cross-realm tickets be liberal and match against the specified + enctype. + 2003-03-05 Tom Yu <tlyu@mit.edu> * kdb_xdr.c (krb5_dbe_search_enctype): Check for ktype > 0 rather |