diff options
| author | Isaac Boukris <iboukris@gmail.com> | 2022-01-07 13:46:24 -0500 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2022-01-12 13:28:07 -0500 |
| commit | ee4e3c5c9eee061048d5b7393b8f3820d1a563a8 (patch) | |
| tree | 492c3933a2dccc08378f380a82a7536b214cf05d /doc | |
| parent | 5c394dc54c9196c300bd99a66a3257692f520920 (diff) | |
| download | krb5-ee4e3c5c9eee061048d5b7393b8f3820d1a563a8.tar.gz | |
Add PAC ticket signature APIs
Microsoft added a third PAC signature over the ticket to prevent
servers from setting the forwardable flag on evidence tickets. Add
new APIs to generate and verify ticket signatures, as well as defines
for this and other new PAC buffer types. Deprecate the old signing
functions as they cannot generate ticket signatures. Modify several
error returns to better match the protocol errors generated by Active
Directory.
[ghudson@mit.edu: adjusted contracts for KDC requirements; simplified
and commented code changes; wrote commit message. rharwood@redhat.com
also did some work on this commit.]
ticket: 9043 (new)
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/appdev/refs/api/index.rst | 2 | ||||
| -rw-r--r-- | doc/appdev/refs/macros/index.rst | 6 |
2 files changed, 8 insertions, 0 deletions
diff --git a/doc/appdev/refs/api/index.rst b/doc/appdev/refs/api/index.rst index 9e03fd386..d12be47c3 100644 --- a/doc/appdev/refs/api/index.rst +++ b/doc/appdev/refs/api/index.rst @@ -223,6 +223,8 @@ Rarely used public interfaces krb5_init_creds_step.rst krb5_init_keyblock.rst krb5_is_referral_realm.rst + krb5_kdc_sign_ticket.rst + krb5_kdc_verify_ticket.rst krb5_kt_add_entry.rst krb5_kt_end_seq_get.rst krb5_kt_get_entry.rst diff --git a/doc/appdev/refs/macros/index.rst b/doc/appdev/refs/macros/index.rst index 722ebbb98..a0d4f2670 100644 --- a/doc/appdev/refs/macros/index.rst +++ b/doc/appdev/refs/macros/index.rst @@ -235,12 +235,18 @@ Public KRB5_NT_UNKNOWN.rst KRB5_NT_WELLKNOWN.rst KRB5_NT_X500_PRINCIPAL.rst + KRB5_PAC_ATTRIBUTES_INFO.rst KRB5_PAC_CLIENT_INFO.rst + KRB5_PAC_CLIENT_CLAIMS.rst KRB5_PAC_CREDENTIALS_INFO.rst KRB5_PAC_DELEGATION_INFO.rst + KRB5_PAC_DEVICE_CLAIMS.rst + KRB5_PAC_DEVICE_INFO.rst KRB5_PAC_LOGON_INFO.rst KRB5_PAC_PRIVSVR_CHECKSUM.rst + KRB5_PAC_REQUESTOR.rst KRB5_PAC_SERVER_CHECKSUM.rst + KRB5_PAC_TICKET_CHECKSUM.rst KRB5_PAC_UPN_DNS_INFO.rst KRB5_PADATA_AFS3_SALT.rst KRB5_PADATA_AP_REQ.rst |