Decrypting KRB_CRED in AP_REQ

Greg Hudson ghudson at MIT.EDU
Fri Apr 1 00:15:35 EDT 2011

On Thu, 2011-03-31 at 21:38 -0400, Weijun Wang wrote:
> On 03/31/2011 10:52 PM, Greg Hudson wrote:
> > On Thu, 2011-03-31 at 00:17 -0400, Weijun Wang wrote:
> >> Here, it seems the decrypt key should be the session key of the service
> >> ticket. What shall I do if the authenticator has a subkey?
> >
> > You should still use the session key of the service ticket.
> So, the following paragraph on 
> is about 
> this issue?

No, that paragraph is about

> I cannot find a bug id related. Is the old behavior back in 1.8.1?

The proper behavior is fixed on the 1.8 branch but may not be in a 1.8
release yet.  (It's also fixed in 1.9, of course.)  The bug is:
