pam_krb5: Restore allow_kdc_spoof option
Needs ReviewPublic
Actions

Authored by des on Sat, Nov 22, 4:57 PM.

Details

Reviewers

cy
ivy

Group Reviewers

security

Summary

Not only does the new pam_krb5 module not have the same allow_kdc_spoof
option that the old one had, its behavior in this matter defaults to
insecure. Reimplement allow_kdc_spoof and switch the default back.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 68808
Build 65691: arc lint + arc unit

Event Timeline

des created this revision.Sat, Nov 22, 4:57 PM

Herald added a subscriber: imp. · View Herald TranscriptSat, Nov 22, 4:57 PM

des requested review of this revision.Sat, Nov 22, 4:57 PM

des added a child revision: D53885: pam_krb5: Fix manual page in MIT case.

Note that this patch updates the source for the documentation but not the mdoc file that we actually install; see D53885 for that.

Harbormaster completed remote builds in B68808: Diff 166968.Sat, Nov 22, 4:58 PM

Revision Contents
Changeset List

Path

Size

contrib/

pam-krb5/

docs/

pam_krb5.pod

15 lines

module/

auth.c

6 lines

internal.h

3 lines

options.c

3 lines

Diff 166968

View Options

contrib/pam-krb5/docs/pam_krb5.pod

View Options

contrib/pam-krb5/module/auth.c

View Options

contrib/pam-krb5/module/internal.h

View Options

contrib/pam-krb5/module/options.c

pam_krb5: Restore allow_kdc_spoof optionNeeds ReviewPublicActions

Details

Diff Detail

Event Timeline

Revision ContentsChangeset List

Diff 166968

contrib/pam-krb5/docs/pam_krb5.pod

contrib/pam-krb5/module/auth.c

contrib/pam-krb5/module/internal.h

contrib/pam-krb5/module/options.c

pam_krb5: Restore allow_kdc_spoof option
Needs ReviewPublic
Actions

Revision Contents
Changeset List