From ef700ee2cc1b33a06cd1e5c6c56ca7cfac8e67c5 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 29 Apr 2013 14:55:31 -0400
Subject: [PATCH] Don't send empty etype info from KDC

RFC 4120 prohibits empty ETYPE-INFO2 sequences (though not ETYPE-INFO
sequences), and our client errors out if it sees an empty sequence of
either.

ticket: 7630
---
 src/kdc/kdc_preauth.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index b7f9e15144..9c04f709ca 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -1420,6 +1420,11 @@ etype_info_helper(krb5_context context, krb5_kdc_req *request,
             seen_des++;
         }
     }
+
+    /* If the list is empty, don't send it at all. */
+    if (i == 0)
+        goto cleanup;
+
     if (etype_info2)
         retval = encode_krb5_etype_info2(entry, &scratch);
     else
-- 
2.47.2