[krbdev.mit.edu #5840] Prevent kadm5_decrypt_key() from coercing the keytype if the requested ktype == -1
Jeffrey Altman via RT
rt-comment at krbdev.mit.edu
Fri Nov 9 15:35:27 EST 2007
Ken Raeburn via RT wrote:
> On Nov 9, 2007, at 15:14, Jeffrey Altman via RT wrote:
>> Please review this patch to kadm5_decrypt_key(). This patch prevents
>> the returned keyblock's enctype from being coerced to the requested
>> 'ktype' if the requested 'ktype' == -1. A ktype of -1 is to be
>> ignored.
>
> Is the use of -1 here something that is already happening elsewhere,
> or something you're adding? I thought we had 0 as the magic enctype
> value elsewhere, maybe I'm wrong.
>
> Ken
Please read the comment at the top of the function. -1 means that the
ktype value should be ignored when searching for the correct keyblock entry.
More information about the krb5-bugs
mailing list