[PATCH] s3-krb5: Limit search for old kvno to 8bits

Volker Lendecke Volker.Lendecke at SerNet.DE
Wed May 7 01:18:35 MDT 2014

On Tue, May 06, 2014 at 08:57:52PM -0700, Christof Schmitt wrote:
> >From cb0e25d1eb52e15f9c771a5d99027ab4afed3168 Mon Sep 17 00:00:00 2001
> From: Christof Schmitt <cs at samba.org>
> Date: Tue, 6 May 2014 16:48:07 -0700
> Subject: [PATCH] s3-krb5: Limit search for old kvno to 8bits
> Some keytab files store the kvno only in 8bits. Limit the compare to
> 8bits, so that we don't miss old keys and delete them. This fixes the
> problem that updates to the keytab file removed all previous keys.

What kerberos library does this? And -- does this make sure
we don't delete too much on libraries that have wider kvnos?
Is there a way to detect this? If I'm asking stupid
questions, please excuse my Kerberos illiteracy :-)



SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de

More information about the samba-technical mailing list