[krbdev.mit.edu #8827] git commit

[Greg Hudson via RT]

Tue Aug 20 16:49:14 2019: Request 8827 was acted upon.
 Transaction: Ticket created by ghudson at mit.edu
       Queue: krb5
     Subject: git commit
       Owner: ghudson at mit.edu
  Requestors: 
      Status: new
 Ticket <URL: https://mv-ezproxy-com.ezproxyberklee.flo.org/rt/Ticket/Display.html?id=8827 >



Change definition of KRB5_KDB_FLAG_CROSS_REALM

Set the CROSS_REALM flag if the header ticket was issued by a
different realm, instead of when the client is part of a different
realm.  The affected corner cases are:

* In the final request of a cross-realm S4U2Self request, the header
  ticket client is local but the header ticket was issued by a
  different realm.  The CROSS_REALM flag will now be set in this case.

* If a foreign client renews or validates a locally issued ticket, the
  CROSS_REALM flag will no longer be set.

* If a foreign client requests a local TGT and then uses it to make a
  request, the CROSS_REALM flag will no longer be set.

Also add a new flag KRB5_KDB_FLAG_ISSUING_REFERRAL, which is set when
the KDC decides to issue a referral or alternate TGT.  Use the new
flag meanings to simplify S4U2Self processing.

[ghudson at mit.edu: edited comments and commit messages]

https://github.com/krb5/krb5/commit/e12e890f063f41bf8aef45e44a3ee329f64139d2
Author: Isaac Boukris <iboukris at gmail.com>
Committer: Greg Hudson <ghudson at mit.edu>
Commit: e12e890f063f41bf8aef45e44a3ee329f64139d2
Branch: master
 src/include/kdb.h    |   14 +++++++++++---
 src/kdc/do_tgs_req.c |   10 +++++-----
 src/kdc/kdc_util.c   |   13 ++++++-------
 src/kdc/kdc_util.h   |    3 +--
 4 files changed, 23 insertions(+), 17 deletions(-)