[krbdev.mit.edu #1801] Exact match enctype
Tom Yu via RT
rt-comment at krbdev.mit.edu
Wed Sep 3 16:04:28 EDT 2003
>>>>> "Shawn" == Shawn Emery via RT <rt-comment at krbdev.mit.edu> writes:
Shawn> I found a problem to be that an exact match is performed
Shawn> between the enctype in the response to the enctype in the
Shawn> keytab file. In actuality a "similar" match should be
Shawn> performed when checking for encryption types. We've integrated
Shawn> this change into our source tree and I'm just checking to see
Shawn> if you would be interested in the diffs for this.
That's odd... the situation you're describing shouldn't be happening.
lib/krb5/kt_file.c already performs a "similar" match, and coerces the
enctype of the key it returns if the match isn't exact.
Do you have the following in your kt_file.c?
if (enctype != IGNORE_ENCTYPE) {
if ((kerror = krb5_c_enctype_compare(context, enctype,
new_entry.key.enctype,
&similar))) {
krb5_kt_free_entry(context, &new_entry);
break;
}
if (!similar) {
krb5_kt_free_entry(context, &new_entry);
continue;
}
/*
* Coerce the enctype of the output keyblock in case we
* got an inexact match on the enctype.
*/
new_entry.key.enctype = enctype;
}
More information about the krb5-bugs
mailing list