git.samba.org - nivanova/samba-autobuild/.git/commit

author	Andrew Bartlett <abartlet@samba.org>
	Mon, 7 Nov 2005 02:29:37 +0000 (02:29 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 18:45:52 +0000 (13:45 -0500)
commit	918c7634c21deb0aa89388bb3d9e147bfc8576c8
tree	4c56c62cda7f8f72f3eb808e26029c87f8479ef0	tree
parent	f7ca7308490c5bb41c6e42e7fe52f6b2586d3d5d	commit \| diff

r11543: A major upgrade to our KDC and PAC handling.

We now put the PAC in the AS-REP, so that the client has it in the
TGT. We then validate it (and re-sign it) on a TGS-REQ, ie when the
client wants a ticket.

This should also allow us to interop with windows KDCs.

If we get an invalid PAC at the TGS stage, we just drop it.

I'm slowly trying to move the application logic out of hdb-ldb.c, and
back in with the rest of Samba's auth system, for consistancy. This
continues that trend.

Andrew Bartlett
(This used to be commit 36973b1eef7db5983cce76ba241e54d5f925c69c)

source4/auth/auth_sam.c		diff \| blob \| history
source4/auth/gensec/gensec_gssapi.c		diff \| blob \| history
source4/auth/gensec/gensec_krb5.c		diff \| blob \| history
source4/auth/kerberos/kerberos.h		diff \| blob \| history
source4/auth/kerberos/kerberos_pac.c		diff \| blob \| history
source4/heimdal/kdc/kerberos5.c		diff \| blob \| history
source4/heimdal/lib/hdb/hdb.h		diff \| blob \| history
source4/heimdal/lib/krb5/krb5-private.h		diff \| blob \| history
source4/heimdal/lib/krb5/mk_req.c		diff \| blob \| history
source4/heimdal/lib/krb5/ticket.c		diff \| blob \| history
source4/kdc/hdb-ldb.c		diff \| blob \| history
source4/kdc/pac-glue.c		diff \| blob \| history
source4/kdc/pac-glue.h		diff \| blob \| history
source4/torture/auth/pac.c		diff \| blob \| history