[krbdev.mit.edu #6484] SVN Commit
Tom Yu via RT
rt-comment at krbdev.mit.edu
Mon May 11 16:56:54 EDT 2009
pull up r22325 from trunk
------------------------------------------------------------------------
r22325 | hartmans | 2009-05-07 16:35:28 -0400 (Thu, 07 May 2009) | 18 lines
Changed paths:
M /trunk/src/include/k5-int.h
M /trunk/src/lib/krb5/krb/decode_kdc.c
M /trunk/src/lib/krb5/krb/gc_via_tkt.c
M /trunk/src/lib/krb5/libkrb5.exports
Subject: Try decrypting using session key if subkey fails in tgs rep handling
ticket: 6484
Tags: pullup
Target_Version: 1.7
Heimdal at least up through 1.2 incorrectly encrypts the TGS response
in the session key not the subkey when a subkey is supplied. See RFC
4120 page 35. Work around this by trying decryption using the session
key after the subkey fails.
* decode_kdc_rep.c: rename to krb5int_decode_tgs_rep; only used for
TGS and now needs to take keyusage
* gc_via_tkt: pass in session key and appropriate usage if subkey
fails.
Note that the dead code to process AS responses in decode_kdc_rep is
not removed by this commit. That will be removed as FAST TGS client
support is integrated post 1.7.
http://src.mit.edu/fisheye/changelog/krb5/?cs=22340
Commit By: tlyu
Revision: 22340
Changed Files:
U branches/krb5-1-7/src/include/k5-int.h
U branches/krb5-1-7/src/lib/krb5/krb/decode_kdc.c
U branches/krb5-1-7/src/lib/krb5/krb/gc_via_tkt.c
U branches/krb5-1-7/src/lib/krb5/libkrb5.exports
More information about the krb5-bugs
mailing list