Combined DES salt and Keytab cleanup patch
Gerald (Jerry) Carter
jerry at samba.org
Fri Jul 14 01:44:38 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Andrew Bartlett wrote:
>>> smb_krb5_get_keyinfo_from_ap_req(), which returns the enc
>>> type of the incoming ticket.
>> Hmmm...Did you read the patch ? The point was to limit
>> the keys in the keytab to enctypes support by AD.
>> Not ticket decryption.
>
> Ahh, sorry, it must have been an earlier change. I
> was reading the current code in ads_secrets_verify_ticket().
> At one point, that asked the krb5 code for the list
> of encryption types, and now it just uses the types
> you list above, in a static array.
>
> I just think the 'try to decrypt with every
> enctype' loop is silly.
ok. I know the code you are talking about and it may
have been in that patch but only as an incremental
change from "try everything" to "restrict to what AD will send"
I agree we should pull the enctype rather than a for() loop.
I've still got a list of items to clean up here.
Thanks for the review.
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFEtvcGIR7qMdg1EfYRAtMgAJ9oUUZcn4NBWOvnVjnteu47g/J1VACg5KcA
96AlJx3/iRY9pzQDUscM3C4=
=2ilW
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list