git.samba.org / kai / samba.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b69c40f) | patch
heimdal: remove checking of KDC PAC signature, delegate to wdc plugin
authorAndrew Bartlett <abartlet@samba.org>
Wed, 11 Jan 2012 07:19:14 +0000 (18:19 +1100)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 12 Jan 2012 07:02:54 +0000 (18:02 +1100)
commitd087e715fc803eae735636b4ebbb4c0f131f9bb4
treeeee9b2d009e11fc2882defcf5a2d139bd26ead7ctree
parentb69c40ffce7d1ab8828ec6a1df1d46f7e8c51278commit | diff
heimdal: remove checking of KDC PAC signature, delegate to wdc plugin

The checking of the KDC signature is more complex than it looks, it may be of a different
enc type to that which the ticket is encrypted with, and may even be prefixed
with the RODC number.

This is better handled in the plugin which can easily look up the DB for the
correct key to verify this with, and can also quickly determine if this is
an interdomain trust, which we cannot verify the PAC for.

Andrew Bartlett
source4/heimdal/kdc/krb5tgs.c diff | blob | history
Kai's WIP code