[krbdev.mit.edu #3207] AS_REP padata missing PA-ETYPE-INFO
william.fiveash@sun.com via RT
rt-comment at krbdev.mit.edu
Fri Oct 14 14:20:03 EDT 2005
On Fri, Oct 14, 2005 at 01:55:45PM -0400, william.fiveash at sun.com via RT wrote:
> On Thu, Oct 13, 2005 at 06:56:39PM -0400, Tom Yu via RT wrote:
> > Could you please look at svn revision 17424 to see if it fixes the
> > problem? My tracing through the code in a debugger shows that it
> > does, but I would like some verification. Let me know if you prefer a
> > diff rather than pulling the patch out of svn.
>
> I'm looking at it now. I'll get back to you shortly.
It looks good to me. Another way to verify the code is doing the right
thing is set default_tkt_enctypes = des-cbc-rc, kinit for a princ that
has long term keys that include newer enctypes in addition to DES,
capture the krb AS exchange on the wire and examine it with the latest
developer version of ethereal (I recently submitted a patch so it will
parse PA-ETYPE-INFO2 and newer enctypes). This is how I discovered the
bug.
--
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)
More information about the krb5-bugs
mailing list