diff options
Diffstat (limited to 'krb5-1.2.7-reject-bad-transited.patch')
-rw-r--r-- | krb5-1.2.7-reject-bad-transited.patch | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/krb5-1.2.7-reject-bad-transited.patch b/krb5-1.2.7-reject-bad-transited.patch new file mode 100644 index 0000000..b4c26b0 --- /dev/null +++ b/krb5-1.2.7-reject-bad-transited.patch @@ -0,0 +1,18 @@ +--- krb5-1.2.7/src/config-files/kdc.conf.M 2003-02-04 13:04:21.000000000 -0500 ++++ krb5-1.2.7/src/config-files/kdc.conf.M 2003-02-04 13:04:11.000000000 -0500 +@@ -138,6 +138,15 @@ + strings specifies the default key/salt combinations of principals for this + realm. + ++.IP reject_bad_transit ++This ++.B boolean string ++specifies whether or not the KDC should reject cross-realm TGS requests if the ++request's list of transited realms names realms which would not be included ++in the transit path if the path were to be computed using the KDC's krb5.conf ++file, or if the client requests that the KDC not perform such a check. The ++default is for this option to be enabled. ++ + .SH FILES + /usr/local/lib/krb5kdc/kdc.conf + |