[krbdev.mit.edu #8642] git commit
Greg Hudson via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Mon Mar 19 20:01:24 EDT 2018
Omit AS-REP etype-info for replaced reply keys
etype-info in AS-REP is currently only useful when no
pre-authentication took place. Don't send it if a preauth mech
replaced the reply key, as we can't send something consistently
meaningful (the enctype must match the replaced reply key per RFC
4120, but the salt from the client key data corresponds to the initial
reply key).
https://github.com/krb5/krb5/commit/9dadcd682c1a9c47bbea8182d82faa89ede3daaf
Author: Greg Hudson <ghudson at mit.edu>
Commit: 9dadcd682c1a9c47bbea8182d82faa89ede3daaf
Branch: master
src/kdc/kdc_preauth.c | 51 ++++++++++++++++++++++++++++++++----------------
1 files changed, 34 insertions(+), 17 deletions(-)
More information about the krb5-bugs
mailing list