eUPN and Kerberos PAC issues
Stefan (metze) Metzmacher
metze at samba.org
Thu Mar 12 02:05:03 MDT 2015
>>> I noticed it only because the PAC in the AS-REP and referral ticket where
>>> generated by a Windows 2012R2 KDC and the samba/heimdal kdc
>>> fails to verify the PAC in the TGS-REQ.
>>> I'll have a look at the patches later, thanks!
>> Thanks. It seems I broke samba4.local.pac, so I'll investigate that
>> tomorrow if it isn't obvious to you.
> This showed up that we got things wrong in our old PAC-creation code,
> and made me think about UPN and samAccountName values with spaces in
> them. The attached patches fixes these cases as well.
> Attached is the whole series. Please review/push when you are able.
Pushed with minor whitespace fixes
and splitting/reordering some patches.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 181 bytes
Desc: OpenPGP digital signature
More information about the samba-technical