summaryrefslogtreecommitdiff
path: root/server
diff options
context:
space:
mode:
authorGravatar Karl Ramm <kcr@1ts.org>2009-08-27 14:42:48 +0000
committerGravatar Karl Ramm <kcr@1ts.org>2009-08-27 14:42:48 +0000
commit1e5013d3fee3f3a6c86a9081f3986449ed17ebe2 (patch)
tree81863b698a574d6522e93e29af3550f31cc15a2b /server
parent9356c4d643c26806c5c231a86a53c57d606fef9f (diff)
For now check incoming interrealm stuff with both keyusages because it
turns out that derived-key stuff actually worked if you were using heimdal.
Diffstat (limited to 'server')
-rw-r--r--server/kstuff.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/server/kstuff.c b/server/kstuff.c
index 65f08ca..5f9cc4f 100644
--- a/server/kstuff.c
+++ b/server/kstuff.c
@@ -561,6 +561,12 @@ ZCheckSrvAuthentication(ZNotice_t *notice,
Z_KEYUSAGE_CLT_CKSUM,
asn1_data, asn1_len);
+ /* XXX compatibility with unreleased interrealm krb5; drop in 3.1 */
+ if (!valid && realm)
+ valid = Z_krb5_verify_cksum(keyblock, &cksumbuf, cksumtype,
+ Z_KEYUSAGE_SRV_CKSUM,
+ asn1_data, asn1_len);
+
free(asn1_data);
krb5_auth_con_free(Z_krb5_ctx, authctx);
krb5_free_authenticator(Z_krb5_ctx, KRB5AUTHENT);