svn commit: lorikeet r699 - in trunk/heimdal: . cf doc kdc
kuser lib/asn1 lib/des lib/des/imath lib/gssapi lib/hdb
lib/hx509 lib/hx509/data lib/krb5 lib/roken tests tests/kdc
Love Hörnquist Åstrand
lha at kth.se
Wed Jan 10 15:48:37 GMT 2007
10 jan 2007 kl. 02.44 skrev abartlet at samba.org:
> trunk/heimdal/kdc/kerberos5.c
contains this change:
@@ -1549,7 +1544,9 @@
if (p != NULL) {
ret = _krb5_pac_sign(context, p, et.authtime,
client->entry.principal,
- &et.key, &skey->key, &data);
+ &skey->key, /* Server key */
+ &skey->key, /* FIXME: should be krbtgt key */
+ &data);
krb5_pac_free(context, p);
if (ret) {
kdc_log(context, config, 0, "PAC signing failed for -- %s",
I don't understand this, et.key is the session krbtgt key and skey-
>key is
the krbtgt key. Assuming this is an AS-REQ for krbtgt of course,
its it this assumption this comment is questioning ?
Love
More information about the samba-technical
mailing list