[prev in list] [next in list] [prev in thread] [next in thread]
List: krb5-bugs
Subject: [krbdev.mit.edu #6948] git commit
From: "Greg Hudson via RT" <rt-comment () krbdev ! mit ! edu>
Date: 2013-04-29 16:09:33
Message-ID: rt-6948-38534.11.936109956189 () krbdev ! mit ! edu
[Download RAW message or body]
Better fix for not using expired TGTs in TGS-REQs
We want to generate a KRB5_AP_ERR_TKT_EXPIRED code when the TGT is
expired, like we would if we tried the TGT against the KCD. To make
this work, separate the helpers for getting local and crossrealm
cached TGTs. For a crossrealm TGT, match against the endtime, as
there could be multiple entries. For a local TGT, find any match, but
check if it's expired. The cache_code field is no longer needed after
this change, so get rid of it.
https://github.com/krb5/krb5/commit/bcece3a8289dcce0dc0a2bf7a35ed339ee9a98ec
Author: Greg Hudson <ghudson@mit.edu>
Commit: bcece3a8289dcce0dc0a2bf7a35ed339ee9a98ec
Branch: master
src/lib/krb5/krb/get_creds.c | 144 ++++++++++++++++++++++++++---------------
1 files changed, 91 insertions(+), 53 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic