[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-243-gfcabe24

Love Hörnquist Åstrand lha at kth.se
Fri Aug 8 15:06:44 GMT 2008

8 aug 2008 kl. 17.01 skrev Stefan (metze) Metzmacher:

> Love Hörnquist Åstrand schrieb:
>>> commit dbb94133e0313cae933d261af0bf1210807a6d11
>>> Author: Stefan Metzmacher <metze at samba.org>
>>> Date:   Fri Aug 8 15:22:39 2008 +0200
>>>   krb5: always generate the acceptor subkey as the same enctype as
>>> the used service key
>> Why doesn't the client use the acceptor subkey ?
> The client uses arcfour-hmac-md5 but the server replied with
> an aes subkey. And then heimdal client and server don't endup with the
> same key from gsskrb5_get_subkey(). Also it very likely that the
> client may not support aes keys.

If the client sends ETypeList with AES it better support AES in the  
gss_api function.

If you extract the keys from the gss-layer you have limit what  
enctypes the clients support, and then the bug is that ETypeList sends  
enctypes that the client doesn't support, ie the new  
gss_krb5_set_allowable_enctypes() doesn't influce the list in ETypeList.



More information about the samba-technical mailing list