[krbdev.mit.edu #6484] SVN Commit

Sam Hartman via RT rt-comment at krbdev.mit.edu
Thu May 7 16:35:29 EDT 2009


Heimdal, at least up through 1.2, incorrectly encrypts the TGS response
in the session key, not the subkey, when a subkey is supplied.  See RFC
4120 page 35.  Work around this by trying decryption using the session
key after the subkey fails.

* decode_kdc_rep.c: rename to krb5int_decode_tgs_rep; only used for
  TGS and now needs to take keyusage
* gc_via_tkt: pass in session key and appropriate usage if subkey
  fails.

Note that the dead code to process AS responses in decode_kdc_rep is
not removed by this commit.  That will be removed as FAST TGS client
support is integrated post 1.7.

http://src.mit.edu/fisheye/changelog/krb5/?cs=22325
Commit By: hartmans
Revision: 22325
Changed Files:
U   trunk/src/include/k5-int.h
U   trunk/src/lib/krb5/krb/decode_kdc.c
U   trunk/src/lib/krb5/krb/gc_via_tkt.c
U   trunk/src/lib/krb5/libkrb5.exports
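
The fallback order described in the commit message, as an added Python model that is not MIT krb5's C code: the reply is opened with the subkey first and with the session key only if that fails. The HMAC-based `toy_seal`/`toy_open` pair is a stand-in for a real Kerberos enctype, the function names and sample keys are hypothetical, and pairing the session key with key usage 8 and the subkey with key usage 9 (RFC 4120 section 7.5.1) is an assumption about what the commit calls the "appropriate usage".

```python
import hashlib
import hmac

# RFC 4120 section 7.5.1 key usage numbers for the TGS-REP encrypted part.
KEYUSAGE_TGS_REP_ENCPART_SESSKEY = 8
KEYUSAGE_TGS_REP_ENCPART_SUBKEY = 9

class IntegrityError(Exception):
    """Raised when the reply does not verify under the given key and usage."""

def _derive(key, usage):
    # Stand-in for Kerberos key derivation: bind the key to its usage number.
    return hmac.new(key, usage.to_bytes(4, "big"), hashlib.sha256).digest()

def toy_seal(key, usage, plaintext):
    # Stand-in for a Kerberos enctype: integrity tag only, no confidentiality.
    tag = hmac.new(_derive(key, usage), plaintext, hashlib.sha256).digest()
    return tag + plaintext

def toy_open(key, usage, blob):
    tag, plaintext = blob[:32], blob[32:]
    expected = hmac.new(_derive(key, usage), plaintext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise IntegrityError("wrong key or key usage")
    return plaintext

def decode_tgs_rep(enc_part, session_key, subkey=None):
    """Return (plaintext, key_label); try the subkey first, then the session key."""
    if subkey is not None:
        try:
            return toy_open(subkey, KEYUSAGE_TGS_REP_ENCPART_SUBKEY, enc_part), "subkey"
        except IntegrityError:
            pass  # Fall through: the KDC may have ignored the subkey.
    # No further fallback: IntegrityError propagates if this fails too.
    return toy_open(session_key, KEYUSAGE_TGS_REP_ENCPART_SESSKEY, enc_part), "session"

# Constructed sample keys and reply body, not real Kerberos data.
SESSION_KEY, SUBKEY, BODY = b"S" * 32, b"K" * 32, b"constructed EncTGSRepPart"
conformant = toy_seal(SUBKEY, KEYUSAGE_TGS_REP_ENCPART_SUBKEY, BODY)
nonconformant = toy_seal(SESSION_KEY, KEYUSAGE_TGS_REP_ENCPART_SESSKEY, BODY)

if __name__ == "__main__":
    print(decode_tgs_rep(conformant, SESSION_KEY, SUBKEY))
    print(decode_tgs_rep(nonconformant, SESSION_KEY, SUBKEY))
```

The returned key label lets a caller log each time the session-key path was taken, which identifies KDCs that still ignore the subkey.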