]> git.ipfire.org Git - thirdparty/krb5.git/commit
projects / thirdparty / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0a9bd34) | patch
Omit AS-REP etype-info for replaced reply keys 743/head
authorGreg Hudson <ghudson@mit.edu>
Mon, 12 Mar 2018 19:44:39 +0000 (15:44 -0400)
committerGreg Hudson <ghudson@mit.edu>
Mon, 19 Mar 2018 23:37:43 +0000 (19:37 -0400)
commit9dadcd682c1a9c47bbea8182d82faa89ede3daaf
tree47533842499b45375f28b8c5dda92579cba37f26tree
parent0a9bd34b97ebf794b6ddbeb17c274623b445cca4commit | diff
Omit AS-REP etype-info for replaced reply keys

etype-info in AS-REP is currently only useful when no
pre-authentication took place.  Don't send it if a preauth mech
replaced the reply key, as we can't send something consistently
meaningful (the enctype must match the replaced reply key per RFC
4120, but the salt from the client key data corresponds to the initial
reply key).

ticket: 8642
src/kdc/kdc_preauth.c diff | blob | blame | history
Mirror of https://github.com/krb5/krb5.git