From 0ebf39d8787b04b524967cdd48f1f1bcaf6bf8f9 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Sat, 31 Aug 2013 11:45:48 -0400
Subject: Support FAST hide-client-names option

In the KDC, if we see the hide-client-names option, identify the
client as the anonymous principal in KDC-REP and KRB-ERROR responses.
The actual client name is present in encrypted FAST elements.

ticket: 7700 (new)
---
 src/include/k5-int.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/include')

diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index ab97f40bb..d6f9325eb 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -778,7 +778,7 @@ typedef struct _krb5_fast_req {
 
 /* Bits 0-15 are critical in fast options.*/
 #define UNSUPPORTED_CRITICAL_FAST_OPTIONS 0x00ff
-#define KRB5_FAST_OPTION_HIDE_CLIENT_NAMES 0x01
+#define KRB5_FAST_OPTION_HIDE_CLIENT_NAMES  0x40000000
 
 typedef struct _krb5_fast_finished {
     krb5_timestamp timestamp;
-- 
cgit