Commit 8fdff19c authored by Isaac Boukris's avatar Isaac Boukris Committed by Andrew Bartlett
Browse files

heimdal: apply disallow-forwardable on server in TGS request

upstream commit: 839b073facd2aecda6740224d73e560bc79965dc


Signed-off-by: default avatarIsaac Boukris <>
Reviewed-by: Andreas Schneider's avatarAndreas Schneider <>
Reviewed-by: Andrew Bartlett's avatarAndrew Bartlett <>
parent 197f97bc
^samba4.blackbox.krb5.s4u.test S4U2Proxy using received ticket
......@@ -866,6 +866,12 @@ tgs_make_reply(krb5_context context,
et.flags.anonymous = tgt->flags.anonymous;
et.flags.ok_as_delegate = server->entry.flags.ok_as_delegate;
/* See MS-KILE */
if (!server->entry.flags.forwardable)
et.flags.forwardable = 0;
if (!server->entry.flags.proxiable)
et.flags.proxiable = 0;
if(rspac->length) {
* No not need to filter out the any PAC from the
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment