Multiple ETYPE-INFO-ENTRY with same etype but different salts

Sam Hartman hartmans at MIT.EDU
Fri Jul 15 09:30:04 EDT 2011

>>>>> "Greg" == Greg Hudson <ghudson at MIT.EDU> writes:

    Greg> It's arguably a bug that we return multiple etype-info2 entries with the
    Greg> same enctype, and then (I assume) only try the first key entry matching
    Greg> the enctype when decrypting an encrypted-timestamp preauth request.  We
    Greg> should either prune the etype-info2 entries to one per enctype, or try
    Greg> multiple keys against a preauth request.

RFC 6113 recommends pruning the list.
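The pruning option discussed above, as an added example that is not part of the original message and is not MIT krb5 code. The `key_entry` struct, the function names and the sample salts are hypothetical, and the "first matching key" lookup models the behaviour the quoted text assumes:

```c
#include <stddef.h>
#include <string.h>

/* Simplified model of one long-term key in a principal entry (hypothetical). */
struct key_entry {
    int enctype;        /* 18 = aes256-cts-hmac-sha1-96, 17 = aes128-cts-hmac-sha1-96 */
    const char *salt;   /* salt the client feeds to string-to-key */
};

/* Constructed sample: two keys share enctype 18 but carry different salts. */
const struct key_entry sample_keys[] = {
    {18, "EXAMPLE.COMalice"},
    {18, "EXAMPLE.COMalice-old"},
    {17, "EXAMPLE.COMalice"},
};

/* Build the advertised list: keep the first entry per enctype, in key order.
 * out must have room for n entries; returns the number of entries kept. */
size_t prune_etype_info2(const struct key_entry *keys, size_t n,
                         struct key_entry *out)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        size_t j = 0;
        while (j < count && out[j].enctype != keys[i].enctype)
            j++;
        if (j == count)             /* enctype not advertised yet */
            out[count++] = keys[i];
    }
    return count;
}

/* Key tried against an encrypted-timestamp request: first enctype match. */
const struct key_entry *preauth_key(const struct key_entry *keys, size_t n,
                                    int enctype)
{
    for (size_t i = 0; i < n; i++)
        if (keys[i].enctype == enctype)
            return &keys[i];
    return NULL;
}

/* 1 if every advertised salt belongs to the key that will actually be tried. */
int advertised_matches_tried(const struct key_entry *keys, size_t n,
                             const struct key_entry *adv, size_t m)
{
    for (size_t i = 0; i < m; i++) {
        const struct key_entry *k = preauth_key(keys, n, adv[i].enctype);
        if (k == NULL || strcmp(k->salt, adv[i].salt) != 0)
            return 0;
    }
    return 1;
}
```

Passing the unpruned key list as the advertised list makes `advertised_matches_tried` return 0, which is the mismatch the quoted text describes.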
