Decrypting KRB_CRED in AP_REQ
Greg Hudson
ghudson at MIT.EDU
Fri Apr 1 00:15:35 EDT 2011
On Thu, 2011-03-31 at 21:38 -0400, Weijun Wang wrote:
>
> On 03/31/2011 10:52 PM, Greg Hudson wrote:
> > On Thu, 2011-03-31 at 00:17 -0400, Weijun Wang wrote:
> >> Here, it seems the decrypt key should be the session key of the service
> >> ticket. What shall I do if the authenticator has a subkey?
> >
> > You should still use the session key of the service ticket.
> So, the following paragraph on
> http://packages.qa.debian.org/k/krb5/news/20100411T160238Z.html is about
> this issue?
No, that paragraph is about
http://krbdev.mit.edu/rt/Ticket/Display.html?id=6687&user=guest&pass=guest
> I cannot find a bug id related. Is the old behavior back in 1.8.1?
The proper behavior is fixed on the 1.8 branch but may not be in a 1.8
release yet. (It's also fixed in 1.9, of course.) The bug is:
http://krbdev.mit.edu/rt/Ticket/Display.html?id=6768&user=guest&pass=guest
More information about the krbdev
mailing list