eUPN and Kerberos PAC issues
abartlet at samba.org
Thu Mar 12 03:28:58 MDT 2015
On Thu, 2015-03-12 at 09:05 +0100, Stefan (metze) Metzmacher wrote:
> Hi Andrew,
> >>> I noticed it only because the PAC in the AS-REP and referral ticket where
> >>> generated by a Windows 2012R2 KDC and the samba/heimdal kdc
> >>> fails to verify the PAC in the TGS-REQ.
> >>> I'll have a look at the patches later, thanks!
> >>> metze
> >> Thanks. It seems I broke samba4.local.pac, so I'll investigate that
> >> tomorrow if it isn't obvious to you.
> > This showed up that we got things wrong in our old PAC-creation code,
> > and made me think about UPN and samAccountName values with spaces in
> > them. The attached patches fixes these cases as well.
> > Attached is the whole series. Please review/push when you are able.
> Pushed with minor whitespace fixes
> and splitting/reordering some patches.
I don't see the additional tests in your autobuild. Are you planning on
pushing those later?
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical