eUPN and Kerberos PAC issues

Stefan (metze) Metzmacher metze at samba.org
Thu Mar 12 04:06:00 MDT 2015


On 12.03.2015 at 10:28, Andrew Bartlett wrote:
> On Thu, 2015-03-12 at 09:05 +0100, Stefan (metze) Metzmacher wrote:
>> Hi Andrew,
>>
>>>>> I noticed it only because the PAC in the AS-REP and referral ticket were
>>>>> generated by a Windows 2012R2 KDC and the samba/heimdal kdc
>>>>> fails to verify the PAC in the TGS-REQ.
>>>>>
>>>>> I'll have a look at the patches later, thanks!
>>>>>
>>>>> metze
>>>>>
>>>>
>>>> Thanks.  It seems I broke samba4.local.pac, so I'll investigate that
>>>> tomorrow if it isn't obvious to you.
>>>
>>> This showed up that we got things wrong in our old PAC-creation code,
>>> and made me think about UPN and samAccountName values with spaces in
>>> them.  The attached patches fix these cases as well.
>>>
>>> Attached is the whole series.  Please review/push when you are able.
>>
>> Pushed with minor whitespace fixes
>> and splitting/reordering some patches.
> 
> I don't see the additional tests in your autobuild.  Are you planning on
> pushing those later?

There was a problem with the s4member env.

I've fixed the bug, see
https://git.samba.org/?p=metze/samba-autobuild/.git;a=commitdiff;h=272ab25b540f8e2a718fbdff5acc6e73798fc415
and pushed everything.

metze
