e-type / kvno processing in 1.8
Tim Metz
tpmetz at ucdavis.edu
Wed Sep 29 13:11:34 EDT 2010
Greg Hudson wrote:
> I've checked in the following fix, which is to treat
> krb5_c_enctype_compare errors as non-fatal. If the ktype argument is
> invalid, no kvno will match and the function will eventually return
> KRB5_KDB_NO_MATCHING_KEY, which I think is fine; if the key entry
> enctype is invalid, then we'll move on to the next key entry as we used
> to do (more by accident than by design, but it's reasonable behavior).
>
Thank you for looking into this, and for the quick response.
I applied the kdb_default.c patch to our 1.8.3 build, and verified that
it works as expected.
More information about the Kerberos
mailing list