Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
back-port r24640 from trunk ------------------------------------------------------------------------ r24640 | ghudson | 2011-02-16 18:34:37 -0500 (Wed, 16 Feb 2011) | 14 lines ticket: 6870 subject: Don't reject AP-REQs based on PACs target_version: 1.9.1 tags: pullup Experience has shown that it was a mistake to fail AP-REQ verification based on failure to verify the signature of PAC authdata contained in the ticket. We've had two rounds of interoperability issues with the hmac-md5 checksum code, an interoperability issue OSX generating unsigned PACs, and another problem where PACs are copied by older KDCs from a cross-realm TGT into the service ticket. If a PAC signature cannot be verified, just don't mark it as verified and continue on with the AP exchange. ticket: 6877 version_fixed: 1.8.4 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24671 dc483132-0cff-0310-8789-dd5450dbe970
- Loading branch information