[SCM] Samba Shared Repository - branch v4-0-test updated -
release-4-0-0alpha5-243-gfcabe24
Love Hörnquist Åstrand
lha at kth.se
Fri Aug 8 15:06:44 GMT 2008
8 aug 2008 kl. 17.01 skrev Stefan (metze) Metzmacher:
> Love Hörnquist Åstrand schrieb:
>>> commit dbb94133e0313cae933d261af0bf1210807a6d11
>>> Author: Stefan Metzmacher <metze at samba.org>
>>> Date: Fri Aug 8 15:22:39 2008 +0200
>>>
>>> krb5: always generate the acceptor subkey as the same enctype as
>>> the used service key
>>
>> Why doesn't the client use the acceptor subkey ?
>
> The client uses arcfour-hmac-md5 but the server replied with
> an aes subkey. And then heimdal client and server don't endup with the
> same key from gsskrb5_get_subkey(). Also it very likely that the
> client may not support aes keys.
If the client sends ETypeList with AES it better support AES in the
gss_api function.
If you extract the keys from the gss-layer you have limit what
enctypes the clients support, and then the bug is that ETypeList sends
enctypes that the client doesn't support, ie the new
gss_krb5_set_allowable_enctypes() doesn't influce the list in ETypeList.
Love
Love
More information about the samba-technical
mailing list