krb5-1.8 fails to verify MS PAC Checksum when AES 256 is used causing sshd to fail

Luke Howard lukeh at
Thu Jul 1 10:25:36 EDT 2010

See attached, untested patch. This could be optimised by mapping the checksum type to an enctype (is there an API for this?) and then calling krb5_kt_get_entry() rather than enumerating the keytab, but we still need to enumerate the keytab if server == NULL to handle aliases.

-- Luke
