| commit | 5b7cf5d56fcbe4bcd0eda902e70b4162955e5e37 | |
| author | Luke Howard <lukeh@padl.com> | |
| Thu, 23 Dec 2021 02:19:22 +0000 (23 13:19 +1100) | ||
| committer | Luke Howard <lukeh@padl.com> | |
| Thu, 23 Dec 2021 02:52:15 +0000 (23 13:52 +1100) | ||
| tree | 0df794647fbbd96f649255cbdb07d3e86ae43a5a | treesnapshot (tar.gz zip) |
| parent | 01656339645f9c27e75567cbd12c721518dc1a1d | commitdiff |
kdc: centralize include PAC logic
Add a helper function that returns TRUE if a PAC should be included in ticket
authorization data, that can be called from both AS and TGS paths.
Per [MS-KILE] 3.3.5.3, PACs are always included for TGTs; for service
tickets, policy is governed by whether the client explicitly requested
a PAC be omitted when requesting a TGT, or if the no-auth-data-reqd
flag is set on the service principal entry.
Add a helper function that returns TRUE if a PAC should be included in ticket
authorization data, that can be called from both AS and TGS paths.
Per [MS-KILE] 3.3.5.3, PACs are always included for TGTs; for service
tickets, policy is governed by whether the client explicitly requested
a PAC be omitted when requesting a TGT, or if the no-auth-data-reqd
flag is set on the service principal entry.
| kdc/kerberos5.c | diffblobblamehistory | |
| kdc/krb5tgs.c | diffblobblamehistory | |
| kdc/misc.c | diffblobblamehistory |