rpms / krb5

Clone
Source Code
GIT

Blame SOURCES/Include-etype-info-in-for-hardware-preauth-hints.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta
  1.   c41359895e7874e715419cabbee3937a49a4011d
  2.   SOURCES
  3.   Include-etype-info-in-for-hardware-preauth-hints.patch
Blob History Raw
c41359 
From bbc68d1657306a61a7646dd7b9690f67705e24be Mon Sep 17 00:00:00 2001
c41359 
From: Greg Hudson <ghudson@mit.edu>
c41359 
Date: Wed, 3 Jan 2018 11:59:14 -0500
c41359 
Subject: [PATCH] Include etype-info in for hardware preauth hints
c41359
c41359 
If a principal has the requires_hwauth bit set, include PA-ETYPE-INFO
c41359 
or PA-ETYPE-INFO2 padata in the PREAUTH_REQUIRED error, as preauth
c41359 
mechs involving hardware tokens may also use the principal's Kerberos
c41359 
password.
c41359
c41359 
ticket: 8629
c41359 
(cherry picked from commit ba92da05accc524b8037453b63ced1a6c65fd2a1)
c41359 
---
c41359 
 src/kdc/kdc_preauth.c | 4 ++--
c41359 
 1 file changed, 2 insertions(+), 2 deletions(-)
c41359
c41359 
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
c41359 
index 81d0b8cff..739c5e776 100644
c41359 
--- a/src/kdc/kdc_preauth.c
c41359 
+++ b/src/kdc/kdc_preauth.c
c41359 
@@ -144,7 +144,7 @@ static preauth_system static_preauth_systems[] = {
c41359 
     {
c41359 
         "etype-info",
c41359 
         KRB5_PADATA_ETYPE_INFO,
c41359 
-        0,
c41359 
+        PA_HARDWARE,
c41359 
         NULL,
c41359 
         NULL,
c41359 
         NULL,
c41359 
@@ -155,7 +155,7 @@ static preauth_system static_preauth_systems[] = {
c41359 
     {
c41359 
         "etype-info2",
c41359 
         KRB5_PADATA_ETYPE_INFO2,
c41359 
-        0,
c41359 
+        PA_HARDWARE,
c41359 
         NULL,
c41359 
         NULL,
c41359 
         NULL,

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation