There is serious bug in handling requests in AATV module of AA_FORK
and AA_FREPLAY types in Merit AAA server. If AATV module not
responding for a long time main server drops original request without
cleaning some critical information (process counter aatv->proc_cnt).
As a result after some definite number of timeouts server stops
responding.
PR: 23212
Submitted by: Andriy I Pilipenko <bamby@marka.net.ua>
Fix one serious bug in the RADIUS server's Kerberos interface, one
minor nit in the build, and add one feature:
- Properly validate the Kerberos ticket we obtained against an actual
service so we know it wasn't forged.
- Make sure the test programs are built knowing where the database is.
- If the make variable KRB_INSTANCE is defined, it names the instance of
each user to be used in validating their Kerberos password. (If this
instance doesn't exist, the validation will fail.) This can be used
for both access control and to keep separate one's login password from
the less secure RADIUS mechanism (since exposure of the instance does
not expose the null instance).
