path: root/source4/kdc/pac-glue.h
Age | Commit message | Author | Files | Lines
2007-10-10 | r11543: A major upgrade to our KDC and PAC handling. | Andrew Bartlett | 1 | -7/+45
We now put the PAC in the AS-REP, so that the client has it in the TGT. We then validate it (and re-sign it) on a TGS-REQ, i.e. when the client wants a ticket. This should also allow us to interop with Windows KDCs. If we get an invalid PAC at the TGS stage, we just drop it. I'm slowly trying to move the application logic out of hdb-ldb.c, and back in with the rest of Samba's auth system, for consistency. This continues that trend. Andrew Bartlett (This used to be commit 36973b1eef7db5983cce76ba241e54d5f925c69c)
2007-10-10 | r9648: this fixes the krb5 based login with the pac. | Andrew Tridgell | 1 | -4/+5
The key to this whole saga was that the logon_time field in the pac must match the authtime field in the ticket we gave the client in the AS-REP (and thus also the authtime field in the ticket we get back in the TGS-REQ). Many thanks to Andrew Bartlett for his patience in showing me the basic ropes of all this code! This was a joint effort. (This used to be commit 7bee374b3ffcdb0424a83f909fe5ad504ea3882e)
2007-10-10 | r8013: Remember to add the header containing the prototype for the pac generating function... | Andrew Bartlett | 1 | -0/+7
Andrew Bartlett (This used to be commit 707cf5fba8e5652043d392d3ee77d042eb9c3a90)