Page MenuHomeFreeBSD
Differential D53884

pam_krb5: Restore allow_kdc_spoof option
AcceptedPublic
Actions

Authored by des on Sat, Nov 22, 4:57 PM.
Tags
None
Referenced Files
F137453748: D53884.diff
Sun, Nov 23, 3:11 PM
F137446542: D53884.id.diff
Sun, Nov 23, 1:25 PM
F137415921: D53884.id166968.diff
Sun, Nov 23, 6:14 AM
F137412410: D53884.id166968.diff
Sun, Nov 23, 5:23 AM
F137411939: D53884.id.diff
Sun, Nov 23, 5:18 AM
F137403663: D53884.diff
Sun, Nov 23, 3:15 AM
Unknown Object (File)
Sat, Nov 22, 8:30 PM
Unknown Object (File)
Sat, Nov 22, 8:29 PM
View All 9 Files
Subscribers
imp

Details

Reviewers
cy
ivy
Group Reviewers
security
Summary

Not only does the new pam_krb5 module not have the same allow_kdc_spoof
option that the old one had, its behavior in this matter defaults to
insecure. Reimplement allow_kdc_spoof and switch the default back.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 68808
Build 65691: arc lint + arc unit

Event Timeline

des created this revision.Sat, Nov 22, 4:57 PM
Herald added a subscriber: imp. · View Herald TranscriptSat, Nov 22, 4:57 PM
des requested review of this revision.Sat, Nov 22, 4:57 PM
des added a child revision: D53885: pam_krb5: Fix manual page in MIT case.
des added a comment.Sat, Nov 22, 4:58 PM

Note that this patch updates the source for the documentation but not the mdoc file that we actually install; see D53885 for that.

Harbormaster completed remote builds in B68808: Diff 166968.Sat, Nov 22, 4:58 PM
cy accepted this revision as: cy.Sun, Nov 23, 3:11 PM
This revision is now accepted and ready to land.Sun, Nov 23, 3:11 PM

Revision Contents
Changeset List

PathSize
contrib/
pam-krb5/
docs/
15 lines
module/
6 lines
3 lines
3 lines

Diff 166968

View Options

contrib/pam-krb5/docs/pam_krb5.pod

Loading...
View Options

contrib/pam-krb5/module/auth.c

Loading...
View Options

contrib/pam-krb5/module/internal.h

Loading...
View Options

contrib/pam-krb5/module/options.c

Loading...