svn commit: lorikeet r699 - in trunk/heimdal: . cf doc kdc kuser lib/asn1 lib/des lib/des/imath lib/gssapi lib/hdb lib/hx509 lib/hx509/data lib/krb5 lib/roken tests tests/kdc

Love Hörnquist Åstrand lha at
Wed Jan 10 15:48:37 GMT 2007

10 jan 2007 kl. 02.44 skrev abartlet at

>    trunk/heimdal/kdc/kerberos5.c

contains this change:

@@ -1549,7 +1544,9 @@
	if (p != NULL) {
	    ret = _krb5_pac_sign(context, p, et.authtime,
-				 &et.key, &skey->key, &data);
+				 &skey->key, /* Server key */
+				 &skey->key, /* FIXME: should be krbtgt key */
+				 &data);
	    krb5_pac_free(context, p);
	    if (ret) {
		kdc_log(context, config, 0, "PAC signing failed for -- %s",

I don't understand this, et.key is the session krbtgt key and skey- 
 >key is
the krbtgt key. Assuming this is an AS-REQ for krbtgt of course,
its it this assumption this comment is questioning ?


More information about the samba-technical mailing list