[krbdev.mit.edu #4950] gc_frm_kdc doesn't adjust use_conf_ktypes in referrals case
Tom Yu via RT
rt-comment at krbdev.mit.edu
Wed Nov 29 11:18:31 EST 2006
If krb5_get_creds_from_kdc_opt() gets the final service ticket during referrals processing, it
does so with use_conf_ktypes = 1. This may be undesirable, as the application may have
requested to override the config file enctypes. The problem is that the referrals code should set
use_conf_ktypes = 1 when getting TGTs. There may need to be an explicit check to see if the
returned service ticket contains enctypes not requested by the application, and if so, to repeat
the request with use_conf_ktypes = 0.
More information about the krb5-bugs
mailing list