Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Expand S4U2Self exception in KDC lineage check
An S4U2Self TGS-REQ using only a certificate to identify the user will not include PA-FOR-USER, so we need to check both types when making an exception in the lineage check. (S4U2Self requests are allowed to bypass the lineage check because cross-realm S4U2Self ends with a backwards cross-realm request to the server realm.) [ghudson@mit.edu: factored out padata check; deindented the code block by combining conditionals; rewrote commit message] ticket: 8780 (new)
- Loading branch information