eUPN and Kerberos PAC issues
Stefan (metze) Metzmacher
metze at samba.org
Thu Mar 12 02:05:03 MDT 2015
Hi Andrew,
>>> I noticed it only because the PAC in the AS-REP and referral ticket where
>>> generated by a Windows 2012R2 KDC and the samba/heimdal kdc
>>> fails to verify the PAC in the TGS-REQ.
>>>
>>> I'll have a look at the patches later, thanks!
>>>
>>> metze
>>>
>>
>> Thanks. It seems I broke samba4.local.pac, so I'll investigate that
>> tomorrow if it isn't obvious to you.
>
> This showed up that we got things wrong in our old PAC-creation code,
> and made me think about UPN and samAccountName values with spaces in
> them. The attached patches fixes these cases as well.
>
> Attached is the whole series. Please review/push when you are able.
Pushed with minor whitespace fixes
and splitting/reordering some patches.
Thanks!
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150312/b75f1e05/attachment.pgp>
More information about the samba-technical
mailing list