[krbdev.mit.edu #4975] Checksum type 14 undefined
Kevin Coffman via RT
rt-comment at krbdev.mit.edu
Fri Dec 1 18:11:47 EST 2006
If the Windows 2003 KDC returns a pkinit reply with a checksum rather
than the insecure nonce, it uses checksum type 14. This type is defined
in RFC3961, but not in the current code. I'm assuming that
Vista/Longhorn will also use this checksum type.
If we hack the pkinit code to use checksum type 9 when we get back 14,
it works. I do not know if a simple alias of type 9 is the correct answer.
More information about the krb5-bugs
mailing list