[PATCH] Add KDC test to check cipher selection
Andrew Bartlett
abartlet at samba.org
Tue Jul 5 05:10:54 UTC 2016
On Mon, 2016-07-04 at 15:53 +0200, Andreas Schneider wrote:
> Hello,
>
> Günther made a patch 2 years ago for Samba AD DC with MIT Kerberos.
> Metze
> asked for a test to see if it is only needed for MIT. So first I
> wrote the MIT
> testcase:
>
> https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/master
> -mit-kdc
>
> and wrote one for Heimdal now:
>
> https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/master
> -kdc
>
> The patch is only needed for MIT Kerberos but I need to find out why
> MIT
> doesn't select the strongest key but let the KDB module decide which
> to use
> ...
>
> The new test is also attached.
>
>
> Review and push appreciated!
Please add your signed-off-by, otherwise:
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
If my autobuild with the attached makes it in first, then a trivial
adjustment needs to be made to avoid a conflict with the attached.
Otherwise, if you could fix up one patch or the other and submit them,
it would be great, as Garming also wrote an improvement to the krb5.kdc
test.
Thanks,
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-kerberos-Return-enc-data-on-PREAUTH_FAILED.patch
Type: text/x-patch
Size: 8418 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160705/5d86f2ae/0001-kerberos-Return-enc-data-on-PREAUTH_FAILED.bin>
More information about the samba-technical
mailing list