Multiple ETYPE-INFO-ENTRY with same etype but different salts
hartmans at MIT.EDU
Fri Jul 15 09:30:04 EDT 2011
>>>>> "Greg" == Greg Hudson <ghudson at MIT.EDU> writes:
Greg> It's arguably a bug that we return multiple etype-info2 entries with the
Greg> same enctype, and then (I assume) only try the first key entry matching
Greg> the enctype when decrypting an encrypted-timestamp preauth request. We
Greg> should either prune the etype-info2 entries to one per enctype, or try
Greg> multiple keys against a preauth request.
RFC 6113 recommends pruning the list.
More information about the krbdev