svn commit: samba r11543 - in branches/SAMBA_4_0/source: auth auth/gensec auth/kerberos heimdal/kdc heimdal/lib/hdb heimdal/lib/krb5 kdc torture/auth

abartlet at samba.org
Mon Nov 7 02:29:40 GMT 2005


Author: abartlet
Date: 2005-11-07 02:29:37 +0000 (Mon, 07 Nov 2005)
New Revision: 11543

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11543

Log:
A major upgrade to our KDC and PAC handling.

We now put the PAC in the AS-REP, so that the client has it in the
TGT.  We then validate it (and re-sign it) on a TGS-REQ, i.e. when the
client wants a ticket.

This should also allow us to interop with Windows KDCs.

If we get an invalid PAC at the TGS stage, we just drop it.

I'm slowly trying to move the application logic out of hdb-ldb.c, and
back in with the rest of Samba's auth system, for consistency.  This
continues that trend.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/auth/auth_sam.c
   branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c
   branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c
   branches/SAMBA_4_0/source/auth/kerberos/kerberos.h
   branches/SAMBA_4_0/source/auth/kerberos/kerberos_pac.c
   branches/SAMBA_4_0/source/heimdal/kdc/kerberos5.c
   branches/SAMBA_4_0/source/heimdal/lib/hdb/hdb.h
   branches/SAMBA_4_0/source/heimdal/lib/krb5/krb5-private.h
   branches/SAMBA_4_0/source/heimdal/lib/krb5/mk_req.c
   branches/SAMBA_4_0/source/heimdal/lib/krb5/ticket.c
   branches/SAMBA_4_0/source/kdc/hdb-ldb.c
   branches/SAMBA_4_0/source/kdc/pac-glue.c
   branches/SAMBA_4_0/source/kdc/pac-glue.h
   branches/SAMBA_4_0/source/torture/auth/pac.c


Changeset:
Sorry, the patch is too large (1425 lines) to include; please use WebSVN to see it!
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11543

