heimdal: remove KRB5_PADATA_CLIENT_CANONICALIZED handling
Stefan (metze) Metzmacher
metze at samba.org
Thu Mar 12 02:26:50 MDT 2015
Hi Andrew,
here are some patches to remove the KRB5_PADATA_CLIENT_CANONICALIZED
handling
from heimdal. This PADATA types uses number 133 which is now assigned to
PA-FX-COOKIE in rfc6113.
KRB5_PADATA_CLIENT_CANONICALIZED was specified in
draft-ietf-krb-wg-kerberos-referrals-11.txt,
but it was removed in the final rfc6806. The protection can be archived
by using FAST (rfc6113).
I noticed that our KDC uses KRB5_PADATA_CLIENT_CANONICALIZED in its
responses, while I improved the wireshark kerberos dissector.
https://git.samba.org/?p=metze/wireshark/wip.git;a=shortlog;h=refs/heads/ws-metze-current
has support for FAST (rfc6113) and a lot of other stuff from [MS-KILE],
[MS-SFU] and [MS-PAC].
These patches are also part of my master4-forest-ok branch
https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-forest-ok
which Günther is currently reviewing.
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150312/e74303e5/attachment.pgp>
More information about the samba-technical
mailing list