[PATCH] Add KDC test to check cipher selection

Andrew Bartlett abartlet at samba.org
Tue Jul 5 05:10:54 UTC 2016

On Mon, 2016-07-04 at 15:53 +0200, Andreas Schneider wrote:
> Hello,
> Günther made a patch 2 years ago for Samba AD DC with MIT Kerberos.
> Metze 
> asked for a test to see if it is only needed for MIT. So first I
> wrote the MIT 
> testcase:
> https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/master
> -mit-kdc
> and wrote one for Heimdal now:
> https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/master
> -kdc
> The patch is only needed for MIT Kerberos but I need to find out why
> MIT 
> doesn't select the strongest key but let the KDB module decide which
> to use 
> ...
> The new test is also attached.
> Review and push appreciated!

Please add your signed-off-by, otherwise:

Reviewed-by: Andrew Bartlett <abartlet at samba.org>

If my autobuild with the attached makes it in first, then a trivial
adjustment needs to be made to avoid a conflict with the attached. 

Otherwise, if you could fix up one patch or the other and submit them,
it would be great, as Garming also wrote an improvement to the krb5.kdc


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-kerberos-Return-enc-data-on-PREAUTH_FAILED.patch
Type: text/x-patch
Size: 8418 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160705/5d86f2ae/0001-kerberos-Return-enc-data-on-PREAUTH_FAILED.bin>

More information about the samba-technical mailing list