[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-243-gfcabe24

Stefan (metze) Metzmacher metze at samba.org
Fri Aug 8 16:39:33 GMT 2008


Love Hörnquist Åstrand wrote:
> 
> On 8 Aug 2008, at 17:01, Stefan (metze) Metzmacher wrote:
> 
>> Love Hörnquist Åstrand wrote:
>>>> commit dbb94133e0313cae933d261af0bf1210807a6d11
>>>> Author: Stefan Metzmacher <metze at samba.org>
>>>> Date:   Fri Aug 8 15:22:39 2008 +0200
>>>>
>>>>   krb5: always generate the acceptor subkey as the same enctype as
>>>> the used service key
>>>
>>> Why doesn't the client use the acceptor subkey?
>>
>> The client uses arcfour-hmac-md5 but the server replied with
>> an aes subkey. And then heimdal client and server don't end up with the
>> same key from gsskrb5_get_subkey(). Also it is very likely that the
>> client may not support aes keys.
> 
> If the client sends ETypeList with AES it better support AES in the
> gss_api function.
> 
> If you extract the keys from the gss-layer you have limit what enctypes
> the clients support, and then the bug is that ETypeList sends enctypes
> that the client doesn't support, i.e. the new
> gss_krb5_set_allowable_enctypes() doesn't influence the list in ETypeList.

There's no ETypeList in the AP-REQ.

metze