-
Notifications
You must be signed in to change notification settings - Fork 366
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
S4U2Proxy evidence tickets needn't be forwardable
With the introduction of resource-based constrained delegation, the absence of the forwardable flag no longer implies that a ticket cannot be used for constrained delegation requests. Instead, we should check in the PAC to see if the user is marked as sensitive, and error out in that case rather than making a failed request. But we don't always have access to the PAC and we currently do not have the code to retrieve this attribute from the PAC. Since krb5_get_credentials_for_proxy() no longer needs to look at the decrypted ticket, change kvno to not require a keytab for constrained delegation. [ghudson@mit.edu: made minor style changes and commit message edits; updated documentation] ticket: 8479
- Loading branch information
1 parent
c426ef2
commit e131d33
Showing
7 changed files
with
53 additions
and
81 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters