Permalink
Commits on Dec 5, 2011
  1. ticket: 7041

    subject: Fix failure interval of 0 in LDAP lockout code
    version_fixed: 1.8.6
    status: resolved
    
    pull up r25480 from trunk, minus a non-applying manpage patch
    
     ------------------------------------------------------------------------
     r25480 | ghudson | 2011-11-20 00:19:45 -0500 (Sun, 20 Nov 2011) | 13 lines
    
     ticket: 7021
     subject: Fix failure interval of 0 in LDAP lockout code
     target_version: 1.10
     tags: pullup
    
     A failure count interval of 0 caused krb5_ldap_lockout_check_policy to
     pass the lockout check (but didn't cause a reset of the failure count
     in krb5_ldap_lockout_audit).  It should be treated as forever, as in
     the DB2 back end.
    
     This bug is the previously unknown cause of the assertion failure
     fixed in CVE-2011-1528.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@25514 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Dec 5, 2011
Commits on Nov 8, 2011
  1. ticket: 7012

    version_fixed: 1.8.6
    status: resolved
    
    pull up r25444 from trunk
    
     ------------------------------------------------------------------------
     r25444 | ghudson | 2011-11-06 00:32:34 -0500 (Sun, 06 Nov 2011) | 10 lines
    
     ticket: 7003
     subject: Fix month/year units in getdate
     target_version: 1.10
     tags: pullup
    
     getdate strings like "1 month" or "next year" would fail some of the
     time, depending on the value of stack garbage, because DSTcorrect()
     doesn't set *error on success and RelativeMonth() doesn't initialize
     error.  Make DSTcorrect() responsible for setting *error in all cases.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@25464 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Nov 8, 2011
  2. ticket: 7011

    subject: Exit on error in kadmind kprop child
    version_fixed: 1.8.6
    status: resolved
    
    pull up r25433 from trunk
    
     ------------------------------------------------------------------------
     r25433 | ghudson | 2011-11-04 01:53:23 -0400 (Fri, 04 Nov 2011) | 9 lines
    
     ticket: 7000
     subject: Exit on error in kadmind kprop child
     target_version: 1.10
     tags: pullup
    
     When we fork from kadmind to dump the database and kprop to an iprop
     slave, if we encounter an error in the child process we should exit
     rather than returning to the main loop.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@25463 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Nov 8, 2011
  3. ticket: 7010

    subject: Fix intermediate key length in hmac-md5 checksum
    version_fixed: 1.8.6
    status: resolved
    
    pull up r25418 from trunk
    
     ------------------------------------------------------------------------
     r25418 | ghudson | 2011-10-28 11:45:03 -0400 (Fri, 28 Oct 2011) | 9 lines
    
     ticket: 6994
     subject: Fix intermediate key length in hmac-md5 checksum
     target_version: 1.10
     tags: pullup
    
     When using hmac-md5, the intermediate key length is the output of the
     hash function (128 bits), not the input key length.  Relevant if the
     input key is not an RC4 key.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@25462 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Nov 8, 2011
Commits on Nov 4, 2011
  1. krb5-1.8.5-postrelease

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@25440 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Nov 4, 2011
  2. README and patchlevel.h for krb5-1.8.5

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@25438 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Nov 4, 2011
Commits on Oct 25, 2011
  1. README and patchlevel.h for krb5-1.8.5-beta1.

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@25415 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Oct 25, 2011
Commits on Oct 21, 2011
  1. ticket: 6991

    subject: fix tar invocation in mkrel
    status: resolved
    version_fixed: 1.8.5
    
    pull up r25395 from trunk
    
     ------------------------------------------------------------------------
     r25395 | tlyu | 2011-10-21 13:35:49 -0400 (Fri, 21 Oct 2011) | 10 lines
    
     ticket: 6989
     subject: fix tar invocation in mkrel
     target_version: 1.10
     tags: pullup
    
     Fix the tar invocation in mkrel so that it defaults to using "tar" as
     the tar program rather than "gtar".
    
     This should probably be pulled up to at least 1.9 and 1.8 as well.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@25397 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Oct 21, 2011
Commits on Oct 18, 2011
  1. ticket: 6984

    version_fixed: 1.8.5
    status: resolved
    
    pull up r24909 from trunk
    
     ------------------------------------------------------------------------
     r24909 | tlyu | 2011-05-02 16:57:23 -0400 (Mon, 02 May 2011) | 7 lines
    
     ticket: 6906
     subject: modernize doc/Makefile somewhat
     status: open
    
     Modernize doc/Makefile somewhat so that it can run more usefully on
     modern non-Athena machines.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@25375 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Oct 18, 2011
  2. ticket: 6983

    subject: SA-2011-006 KDC denial of service [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529]
    version_fixed: 1.8.4
    status: resolved
    
    Fix null pointer dereference and assertion failure conditions that
    could cause a denial of service.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@25370 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Oct 18, 2011
Commits on Jun 28, 2011
  1. ticket: 6926

    subject: work around Dejagnu failure on modern Tcl
    version_fixed: 1.8.5
    
    Modern releases of Tcl (8.5 and later?) require use the special
    procedure "unknown" to implement some autoloading functionality.
    Dejagnu replaces "unknown" with its own definition, without chaining
    to the original version of "unknown".  This causes "clock format
    [clock seconds]" to fail while trying to load the "msgcat" Tcl
    package.
    
    Use "exec date" instead of "clock format [clock seconds]" to work
    around this bug.
    
    (Also needs pullup to 1.7.)
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24999 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Jun 28, 2011
  2. ticket: 6925

    subject: Memory leak in save_error_string_nocopy()
    version_fixed: 1.8.5
    
    pull up r24693 from trunk
    
     ------------------------------------------------------------------------
     r24693 | tlyu | 2011-03-08 15:53:55 -0500 (Tue, 08 Mar 2011) | 8 lines
    
     ticket: 6844
     tags: pullup
     target_version: 1.9.1
    
     Fix a memory leak independently found by Tim Pozdeev and Arlene Berry.
    
     This change should be pulled up to the 1.8 and 1.7 branches as well.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24998 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Jun 28, 2011
Commits on May 23, 2011
  1. krb5-1.8.4-postrelease

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24940 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed May 23, 2011
  2. README and patchlevel for krb5-1.8.4

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24938 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed May 23, 2011
Commits on Apr 14, 2011
  1. ticket: 6900

    subject: kadmind frees invalid pointer [MITKRB5-SA-2011-004 CVE-2011-0285]
    status: resolved
    version_fixed: 1.8.4
    
    back-port r24878 for 1.8-branch
    
     ------------------------------------------------------------------------
     r24878 | tlyu | 2011-04-13 14:43:37 -0400 (Wed, 13 Apr 2011) | 11 lines
    
     ticket: 6899
     tags: pullup
     target_version: 1.9.1
    
     Fix the sole case in process_chpw_request() where a return could occur
     without allocating the data pointer in the response.  This prevents a
     later free() of an invalid pointer in kill_tcp_or_rpc_connection().
    
     Also initialize rep->data to NULL in process_chpw_request() and clean
     up *response in dispatch() as an additional precaution.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24880 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Apr 14, 2011
Commits on Mar 15, 2011
  1. ticket: 6882

    subject: KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284]
    status: resolved
    version_fixed: 1.8.4
    
    pull up r24705 from trunk
    
     ------------------------------------------------------------------------
     r24705 | tlyu | 2011-03-15 17:47:19 -0400 (Tue, 15 Mar 2011) | 8 lines
    
     ticket: 6881
     subject: KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284]
     tags: pullup
     target_version: 1.9.1
    
     Fix a double-free condition in the KDC that can occur during an
     AS-REQ when PKINIT is enabled.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24707 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Mar 15, 2011
Commits on Feb 28, 2011
  1. ticket: 6877

    subject: Don't reject AP-REQs based on PACs
    version_fixed: 1.8.4
    status: resolved
    
    back-port r24640 from trunk
    
     ------------------------------------------------------------------------
     r24640 | ghudson | 2011-02-16 18:34:37 -0500 (Wed, 16 Feb 2011) | 14 lines
    
     ticket: 6870
     subject: Don't reject AP-REQs based on PACs
     target_version: 1.9.1
     tags: pullup
    
     Experience has shown that it was a mistake to fail AP-REQ verification
     based on failure to verify the signature of PAC authdata contained in
     the ticket.  We've had two rounds of interoperability issues with the
     hmac-md5 checksum code, an interoperability issue OSX generating
     unsigned PACs, and another problem where PACs are copied by older KDCs
     from a cross-realm TGT into the service ticket.  If a PAC signature
     cannot be verified, just don't mark it as verified and continue on
     with the AP exchange.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24671 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Feb 28, 2011
  2. ticket: 6876

    version_fixed: 1.8.4
    subject: hmac-md5 checksum doesn't work with DES keys
    status: resolved
    
    pull up r24639, r24641 from trunk
    
     ------------------------------------------------------------------------
     r24641 | ghudson | 2011-02-18 10:06:57 -0500 (Fri, 18 Feb 2011) | 7 lines
    
     ticket: 6869
    
     Fix a conceptual bug in r24639: the intermediate key container length
     should be the hash's output size, not its block size.  (The bug did
     not show up in testing because it is harmless in practice; MD5 has a
     larger block size than output size.)
     ------------------------------------------------------------------------
     r24639 | ghudson | 2011-02-16 17:52:41 -0500 (Wed, 16 Feb 2011) | 11 lines
    
     ticket: 6869
     subject: hmac-md5 checksum doesn't work with DES keys
     target_version: 1.9
     tags: pullup
    
     krb5int_hmacmd5_checksum calculates an intermediate key using an HMAC.
     The container for this key should be allocated using the HMAC output
     size (which is the hash blocksize), not the original key size.  This
     bug was causing the function to fail with DES keys, which can be used
     with hmac-md5 in PAC signatures.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24670 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Feb 28, 2011
Commits on Feb 9, 2011
  1. make depend

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24631 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Feb 9, 2011
  2. ticket: 6853

    version_fixed: 1.8.4
    status: resolved
    
    pull up r24603 from trunk
    
     ------------------------------------------------------------------------
     r24603 | ghudson | 2011-01-24 19:23:48 -0500 (Mon, 24 Jan 2011) | 15 lines
    
     ticket: 6852
     subject: Make gss_krb5_set_allowable_enctypes work for the acceptor
     target_version: 1.9.1
     tags: pullup
    
     With the addition of enctype negotiation in 1.7, a gss-krb5 acceptor
     can choose an enctype for the acceptor subkey other than the one in
     the keytab.  If the resulting security context will be exported and
     re-imported by another gss-krb5 implementation (such as one in the
     kernel), the acceptor needs a way to restrict the set of negotiated
     enctypes to those supported by the other implementation.  We had that
     functionality for the initiator already in the form of
     gss_krb5_set_allowable_enctypes; this change makes it work for the
     acceptor as well.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24630 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Feb 9, 2011
  3. ticket: 6862

    subject: KDC denial of service attacks [MITKRB5-SA-2011-002 CVE-2011-0281 CVE-2011-0282]
    version_fixed: 1.8.4
    status: resolved
    
    pull up r24622 from trunk, minus the fix for CVE-2011-0283, which is
    only applicable to krb5-1.9 and later.
    
     ------------------------------------------------------------------------
     r24622 | tlyu | 2011-02-09 15:25:08 -0500 (Wed, 09 Feb 2011) | 10 lines
    
     ticket: 6860
     subject: KDC denial of service attacks [MITKRB5-SA-2011-002 CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]
     tags: pullup
     target_version: 1.9.1
    
     [CVE-2011-0281 CVE-2011-0282] Fix some LDAP back end principal name
     handling that could cause the KDC to hang or crash.
    
     [CVE-2011-0283] Fix a KDC null pointer dereference introduced in krb5-1.9.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24626 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Feb 9, 2011
  4. ticket: 6861

    subject: kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022]
    version_fixed: 1.8.4
    status: resolved
    
    pull up r24621 from trunk
    
     ------------------------------------------------------------------------
     r24621 | tlyu | 2011-02-09 15:25:03 -0500 (Wed, 09 Feb 2011) | 8 lines
    
     ticket: 6859
     subject: kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022]
     tags: pullup
     target_version: 1.9.1
    
     When operating in standalone mode and not doing iprop, don't return
     from do_standalone() if the child exits with abnormal status.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24625 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Feb 9, 2011
Commits on Dec 14, 2010
  1. ticket: 6843

    subject: handle MS PACs that lack server checksum
    version_fixed: 1.8.4
    status: resolved
    
    backport r24564 from trunk
    
     ------------------------------------------------------------------------
     r24564 | tlyu | 2010-12-09 20:06:26 -0500 (Thu, 09 Dec 2010) | 18 lines
    
     ticket: 6839
     subject: handle MS PACs that lack server checksum
     target_version 1.9
     tags: pullup
    
     Apple Mac OS X Server's Open Directory KDC issues MS PAC like
     authorization data that lacks a server checksum.  If this checksum is
     missing, mark the PAC as unverfied, but allow
     krb5int_authdata_verify() to succeed.  Filter out the unverified PAC
     in subsequent calls to krb5_authdata_get_attribute().  Add trace
     points to indicate where this behavior occurs.
    
     Thanks to Helmut Grohne for help with analysis.  This bug is also
     Debian Bug #604925:
     http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604925
    
     This change should also get backported to krb5-1.8.x.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24574 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Dec 14, 2010
Commits on Dec 4, 2010
  1. ticket: 6833

    subject: SA-2010-007 Checksum vulnerabilities (CVE-2010-1324 and others)
    target_version: 1.8.4
    version_fixed: 1.8.4
    status: resolved
    
    Apply patch for MITKRB5-SA-2010-007.
    
    Fix multiple checksum handling bugs, as described in:
      CVE-2010-1324
      CVE-2010-1323
      CVE-2010-4020
      CVE-2010-4021
    
    * Return the correct (keyed) checksums as the mandatory checksum type
      for DES enctypes.
    * Restrict simplified-profile checksums to their corresponding etypes.
    * Add internal checks to reduce the risk of stream ciphers being used
      with simplified-profile key derivation or other algorithms relying
      on the block encryption primitive.
    * Use the mandatory checksum type for the PKINIT KDC signature,
      instead of the first-listed keyed checksum.
    * Use the mandatory checksum type when sending KRB-SAFE messages by
      default, instead of the first-listed keyed checksum.
    * Use the mandatory checksum type for the t_kperf test program.
    * Use the mandatory checksum type (without additional logic) for the
      FAST request checksum.
    * Preserve the existing checksum choices (unkeyed checksums for DES
      enctypes) for the authenticator checksum, using explicit logic.
    * Ensure that SAM checksums received from the KDC are keyed.
    * Ensure that PAC checksums are keyed.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24560 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Dec 4, 2010
Commits on Oct 15, 2010
  1. ticket: 6790

    target_version: 1.8.4
    version_fixed: 1.8.4
    status: resolved
    
    pull up r24370 from trunk
    
     ------------------------------------------------------------------------
     r24370 | ghudson | 2010-09-28 15:09:11 -0400 (Tue, 28 Sep 2010) | 9 lines
    
     ticket: 6790
     target_version: 1.8.4
     tags: pullup
    
     Make krb5_dbe_def_search_enctype skip key data entries with invalid
     enctypes instead of erroring out on them.  We had this behavior prior
     to 1.8 (more by accident than by design), but it changed as a
     side-effect of r23599.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24461 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Oct 15, 2010
  2. ticket: 6768

    version_fixed: 1.8.4
    target_version: 1.8.4
    status: resolved
    
    pull up r24399 from trunk
    
     ------------------------------------------------------------------------
     r24399 | ghudson | 2010-09-30 23:45:43 -0400 (Thu, 30 Sep 2010) | 12 lines
    
     ticket: 6768
     subject: GSSAPI forwarded credentials must be encrypted in session key
     target_version: 1.8.4
     tags: pullup
    
     When IAKERB support was added, the krb5_mk_req checksum function
     gained access to the send subkey.  This caused GSSAPI forwarded
     credentials to be encrypted in the subkey, which violates RFC 4121
     section 4.1.1 and is not accepted by Microsoft's implementation.
     Temporarily null out the send subkey in the auth context so that
     krb5_mk_ncred uses the session key instead.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24460 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Oct 15, 2010
  3. ticket: 6764

    target_version: 1.8.4
    version_fixed: 1.8.4
    status: resolved
    
    pull up r24286 from trunk
    
     ------------------------------------------------------------------------
     r24286 | ghudson | 2010-09-02 11:35:25 -0400 (Thu, 02 Sep 2010) | 7 lines
    
     ticket: 6764
     tags: pullup
     target_version: 1.8.4
    
     Properly search for MANDATORY-FOR-KDC authdata elements.  Reported by
     Mike Roszkowski.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24459 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Oct 15, 2010
  4. ticket: 6701

    version_fixed: 1.8.4
    target_version: 1.8.4
    status: resolved
    
    pull up r24441 from trunk
    
     ------------------------------------------------------------------------
     r24441 | ghudson | 2010-10-07 13:50:06 -0400 (Thu, 07 Oct 2010) | 6 lines
    
     ticket: 6701
     target_version: 1.8.4
     tags: pullup
    
     Fix a typo in kerberos.ldif.  Reported by nalin@redhat.com.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24458 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Oct 15, 2010
Commits on Oct 7, 2010
  1. ticket: 6798

    version_fixed: 1.8.4
    
    pull up r24438 from trunk
    
     ------------------------------------------------------------------------
     r24438 | tlyu | 2010-10-06 19:57:37 -0400 (Wed, 06 Oct 2010) | 11 lines
    
     ticket: 6798
     subject: set NT-SRV-INST on TGS principal names
     tags: pullup
     target_version: 1.8.4
    
     Set NT-SRV-INST on TGS principal names in
     get_in_tkt.c:build_in_tkt_name because Windows Server 2008 R2 RODC
     insists on it.
    
     Thanks to Bill Fellows for reporting this problem.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24439 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Oct 7, 2010
Commits on Oct 5, 2010
  1. ticket: 6797

    status: resolved
    version_fixed: 1.8.4
    
    pull up r24429 from trunk
    
     ------------------------------------------------------------------------
     r24429 | tlyu | 2010-10-05 17:05:19 -0400 (Tue, 05 Oct 2010) | 14 lines
    
     ticket: 6797
     subject: CVE-2010-1322 KDC uninitialized pointer crash in authorization data handling (MITKRB5-SA-2010-006)
     tags: pullup
     target_version: 1.8.4
    
     When the KDC receives certain TGS-REQ messages, it may dereference an
     uninitialized pointer while processing authorization data, causing a
     crash, or in rare cases, unauthorized information disclosure, ticket
     modification, or execution of arbitrary code.  The crash may be
     triggered by legitimate requests.
    
     Correctly implement the filtering of authorization data items to avoid
     leaving uninitialized pointers when omitting items.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24431 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Oct 5, 2010
Commits on Aug 5, 2010
  1. krb5-1.8.3-postrelease

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24233 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Aug 5, 2010
Commits on Aug 4, 2010
  1. README for krb5-1.8.3 final

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24230 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Aug 4, 2010
Commits on Jul 23, 2010
  1. krb5-1.8.3-beta1-postrelease

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24209 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Jul 23, 2010
  2. README and patchlevel.h for krb5-1.8.3-beta1

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24207 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Jul 23, 2010
Commits on Jul 21, 2010
  1. ticket: 6345

    version_fixed: 1.8.3
    status: resolved
    
    pull up r24141 from trunk
    
     ------------------------------------------------------------------------
     r24141 | ghudson | 2010-06-21 15:56:29 -0400 (Mon, 21 Jun 2010) | 10 lines
    
     ticket: 6345
     target_version: 1.8.3
     tags: pullup
    
     kdb5_stash() contains its own kdb5_db_open() call (because it doesn't
     use util_context for some reason), which didn't work with the LDAP
     back end because LDAP doesn't recognize KRB5_KDB_SRV_TYPE_OTHER.  As a
     minimal fix, change that to KRB5_KDB_SRV_TYPE_ADMIN to be consistent
     with open_db_and_mkey()--see also r18736.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24199 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Jul 21, 2010