Option for multiple PA-ETYPE-INFO(2)-ENTRY (old behaviour)
Greg Hudson
ghudson at mit.edu
Fri Nov 18 14:23:16 EST 2016
On 11/18/2016 02:08 PM, Greg Hudson wrote:
> Unfortunately, neither backporting the 1.14 tgt rekeying fixes
> nor forward-porting the 1.13 pa-etype-info2 behavior is likely to be
> easy, so I can't offer a solution better than the ones you've already
> determined.
Actually, you could try reintroducing commit
18b02f3e839c007fff54fc9b693f479b7563ec73 to the 1.14 KDC. That's a
pretty simple change, and I think it should work. (We reverted it
because we found a more correct fix for the kinit -k issue we had run into.)
https://github.com/krb5/krb5/commit/18b02f3e839c007fff54fc9b693f479b7563ec73
More information about the Kerberos
mailing list