[krbdev.mit.edu #1621] AutoReply: aes enctype not implemented
lha@kth.se via RT
rt-comment at krbdev.mit.edu
Sat Jun 21 22:47:47 EDT 2003
If I patch the code to make it use md5 as the checksum instead it works
$ ./kgetcred aes at M.KRBTEST.COM
$ klist
Credentials cache: FILE:/tmp/krb5cc_18549a
Principal: aes at M.KRBTEST.COM
Issued Expires Principal
Jun 21 21:23:38 Jun 22 07:23:38 krbtgt/M.KRBTEST.COM at M.KRBTEST.COM
Jun 22 04:04:21 Jun 22 07:23:38 aes at M.KRBTEST.COM
But HMAC-SHA1-96-AES256 is required in clarifications.
Love
Index: mk_req_ext.c
===================================================================
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/heimdal/lib/krb5/mk_req_ext.c,v
retrieving revision 1.26
diff -u -u -w -r1.26 mk_req_ext.c
--- mk_req_ext.c 2 Sep 2002 17:13:52 -0000 1.26
+++ mk_req_ext.c 22 Jun 2003 02:03:50 -0000
@@ -110,6 +110,15 @@
in_data->data,
in_data->length,
&c);
+ } else if(ac->keyblock->keytype == ETYPE_AES256_CTS_HMAC_SHA1_96) {
+ /* this is to make MIT kdcs happy */
+ ret = krb5_create_checksum(context,
+ NULL,
+ 0,
+ CKSUMTYPE_RSA_MD5,
+ in_data->data,
+ in_data->length,
+ &c);
} else {
krb5_crypto crypto;
More information about the krb5-bugs
mailing list