svn commit: samba r11543 - in branches/SAMBA_4_0/source: auth
auth/gensec auth/kerberos heimdal/kdc heimdal/lib/hdb
heimdal/lib/krb5 kdc torture/auth
abartlet at samba.org
abartlet at samba.org
Mon Nov 7 02:29:40 GMT 2005
Author: abartlet
Date: 2005-11-07 02:29:37 +0000 (Mon, 07 Nov 2005)
New Revision: 11543
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11543
Log:
A major upgrade to our KDC and PAC handling.
We now put the PAC in the AS-REP, so that the client has it in the
TGT. We then validate it (and re-sign it) on a TGS-REQ, ie when the
client wants a ticket.
This should also allow us to interop with windows KDCs.
If we get an invalid PAC at the TGS stage, we just drop it.
I'm slowly trying to move the application logic out of hdb-ldb.c, and
back in with the rest of Samba's auth system, for consistancy. This
continues that trend.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/auth/auth_sam.c
branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c
branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c
branches/SAMBA_4_0/source/auth/kerberos/kerberos.h
branches/SAMBA_4_0/source/auth/kerberos/kerberos_pac.c
branches/SAMBA_4_0/source/heimdal/kdc/kerberos5.c
branches/SAMBA_4_0/source/heimdal/lib/hdb/hdb.h
branches/SAMBA_4_0/source/heimdal/lib/krb5/krb5-private.h
branches/SAMBA_4_0/source/heimdal/lib/krb5/mk_req.c
branches/SAMBA_4_0/source/heimdal/lib/krb5/ticket.c
branches/SAMBA_4_0/source/kdc/hdb-ldb.c
branches/SAMBA_4_0/source/kdc/pac-glue.c
branches/SAMBA_4_0/source/kdc/pac-glue.h
branches/SAMBA_4_0/source/torture/auth/pac.c
Changeset:
Sorry, the patch is too large (1425 lines) to include; please use WebSVN to see it!
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11543
More information about the samba-cvs
mailing list