[32730] in Kerberos
Re: e-type / kvno processing in 1.8
daemon@ATHENA.MIT.EDU (Tim Metz)
Wed Sep 29 13:12:24 2010
Message-ID: <4CA37346.40007@ucdavis.edu>
Date: Wed, 29 Sep 2010 10:11:34 -0700
From: Tim Metz <tpmetz@ucdavis.edu>
MIME-Version: 1.0
To: Greg Hudson <ghudson@mit.edu>, "kerberos@mit.edu" <kerberos@mit.edu>
In-Reply-To: <1285700964.20521.895.camel@ray>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Greg Hudson wrote:
> I've checked in the following fix, which is to treat
> krb5_c_enctype_compare errors as non-fatal. If the ktype argument is
> invalid, no kvno will match and the function will eventually return
> KRB5_KDB_NO_MATCHING_KEY, which I think is fine; if the key entry
> enctype is invalid, then we'll move on to the next key entry as we used
> to do (more by accident than by design, but it's reasonable behavior).
>
Thank you for looking into this, and for the quick response.
I applied the kdb_default.c patch to our 1.8.3 build, and verified that
it works as expected.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
