s4:kdc: Don’t issue forwardable or proxiable tickets to Protected Users
author Joseph Sutton <josephsutton@catalyst.net.nz>
Tue, 8 Aug 2023 22:47:08 +0000 (10:47 +1200)
committer Andrew Bartlett <abartlet@samba.org>
Mon, 14 Aug 2023 04:57:34 +0000 (04:57 +0000)
commit 0cf658cd10d3a2cee429615f3c01bb6bd4bd4ddb
tree 48180fcc1b190b64ebc964210fcb60ef7b89e99a
parent 7026b08e23e2b64b1cbbaa2b95a14b6b4350cef0
s4:kdc: Don’t issue forwardable or proxiable tickets to Protected Users

If an authentication policy enforces a maximum TGT lifetime for a
Protected User, that limit should stand in place of the four-hour limit
usually applied to Protected Users; we should nevertheless continue to
ensure that forwardable or proxiable tickets are not issued to such
users.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
selftest/knownfail_heimdal_kdc
selftest/knownfail_mit_kdc_1_20
source4/kdc/db-glue.c