Combined DES salt and Keytab cleanup patch

Gerald (Jerry) Carter jerry at
Fri Jul 14 01:44:38 GMT 2006

Hash: SHA1

Andrew Bartlett wrote:

>>> smb_krb5_get_keyinfo_from_ap_req(), which returns the enc 
>>> type of the incoming ticket.
>> Hmmm...Did you read the patch ?  The point was to limit
>> the keys in the keytab to enctypes support by AD.
>> Not ticket decryption.
> Ahh, sorry, it must have been an earlier change.  I 
> was reading the current code in ads_secrets_verify_ticket().
> At one point, that asked the krb5 code for the list
> of encryption types, and now it just uses the types
> you list above, in a static array.
> I just think the 'try to decrypt with every 
> enctype' loop is silly.

ok.  I know the code you are talking about and it may
have been in that patch but only as an incremental
change from "try everything" to "restrict to what AD will send"
I agree we should pull the enctype rather than a for() loop.
I've still got a list of items to clean up here.

Thanks for the review.

cheers, jerry
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE -


More information about the samba-technical mailing list