[PATCH] heimdal: encode/decode kvno as signed 32-bit integer

Stefan Metzmacher metze at samba.org
Sat May 7 09:57:37 UTC 2016


Hi Uri,

> The following patch fixes an interoperability issue with Windows in the
> presence of RODCs. Bug 11900 has the details.
> 
> Basically the patch modifies Kerberos to deviate from RFC4120 in order
> to attain interoperability. Dochelp confirmed that Windows treats kvno
> as signed in deviation from RFC4120, and it looks like MIT is doing the
> same in order to interoperate with Windows.
> 
> This passes local autobuild. While fixing the RODC issue for clients,
> the room for regressions as either client or server, is if there is an
> RFC4120-conforming peer and there's a kvno > 0x7fffffff (two billion
> password changes). Not sure how Samba as an RODC is affected, and that's
> one of the things I'd like the AD-DC wise men to comment on.
> 
> Review appreciated.

Please also prepare a patch for upstream heimdal
https://github.com/heimdal/heimdal.

Otherwise reviewed by me.

metze
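
The signed-versus-unsigned mismatch discussed in this thread, as an added example that is not part of the original post and is not the Heimdal patch: it DER-encodes the content octets of one constructed kvno above 0x7fffffff under both readings and shows that each decoder rejects the other's encoding. All function names and the value 0xABCD0001 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal two's-complement content octets of a DER INTEGER (tag and length omitted). */
size_t der_put_int(int64_t v, unsigned char *out)
{
    unsigned char b[8];
    size_t i, n = 8;
    for (i = 0; i < 8; i++)
        b[i] = (unsigned char)((uint64_t)v >> (56 - 8 * i));
    /* Drop leading octets that are pure sign extension. */
    for (i = 0; n > 1 && ((b[i] == 0x00 && !(b[i + 1] & 0x80)) ||
                          (b[i] == 0xff && (b[i + 1] & 0x80))); i++)
        n--;
    memcpy(out, b + i, n);
    return n;
}

/* Decode content octets with sign extension, accept only lo..hi, return the low 32 bits. */
int der_get_ranged(const unsigned char *p, size_t n, int64_t lo, int64_t hi, uint32_t *k)
{
    uint64_t u;
    int64_t v;
    size_t i;
    if (n == 0 || n > 8)
        return -1;
    u = (p[0] & 0x80) ? ~(uint64_t)0 : 0;
    for (i = 0; i < n; i++)
        u = (u << 8) | p[i];
    v = (int64_t)u;
    if (v < lo || v > hi)
        return -1;
    *k = (uint32_t)u;
    return 0;
}

/* RFC 4120 reading: kvno is UInt32, so the INTEGER must be 0..4294967295. */
size_t put_kvno_u32(uint32_t k, unsigned char *out) { return der_put_int((int64_t)k, out); }
int get_kvno_u32(const unsigned char *p, size_t n, uint32_t *k) { return der_get_ranged(p, n, 0, UINT32_MAX, k); }

/* Signed reading: the INTEGER must fit in int32; the 32-bit pattern is preserved. */
size_t put_kvno_i32(uint32_t k, unsigned char *out) { return der_put_int((int64_t)(int32_t)k, out); }
int get_kvno_i32(const unsigned char *p, size_t n, uint32_t *k) { return der_get_ranged(p, n, INT32_MIN, INT32_MAX, k); }

int main(void)
{
    unsigned char buf[8];
    uint32_t k, kvno = 0xABCD0001u; /* constructed value above 0x7fffffff */
    size_t n = put_kvno_i32(kvno, buf);
    printf("signed form: %zu octets, UInt32 decoder %s\n", n,
           get_kvno_u32(buf, n, &k) ? "rejects it" : "accepts it");
    return 0;
}
```

For kvno values up to 0x7fffffff the two encodings are identical, so the mismatch only appears once the top bit is set.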


