[PATCH] heimdal: encode/decode kvno as signed 32-bit integer

Ralph Boehme slow at samba.org
Sat May 7 15:43:24 UTC 2016


On Sat, May 07, 2016 at 12:02:18AM +0300, Uri Simchoni wrote:
> Hi,
> 
> The following patch fixes an interoperability issue with Windows in the
> presence of RODCs. Bug 11900 has the details.
> 
> Basically the patch modifies Kerberos to deviate from RFC4120 in order
> to attain interoperability. Dochelp confirmed that Windows treats kvno
> as signed in deviation from RFC4120, and it looks like MIT is doing the
> same in order to interoperate with Windows.
> 
> This passes local autobuild. While fixing the RODC issue for clients,
> the room for regressions, as either client or server, is if there is an
> RFC4120-conforming peer and there's a kvno > 0x7fffffff (two billion
> password changes). Not sure how Samba as an RODC is affected, and that's
> one of the things I'd like the AD-DC wise men to comment on.
> 
> Review appreciated.

reviewed and pushed.

Cheerio!
-slow
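The signed versus unsigned kvno encoding discussed in this thread, as an added example that is not part of the original messages or of the Heimdal patch: it shows the DER INTEGER content octets for a kvno above 0x7fffffff under both readings. The kvno value, the function names and the strict 32-bit decoder are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Minimal DER INTEGER content octets (big-endian two's complement) for v.
 * Returns the number of octets written to out (at most 8). */
static size_t der_int_encode(int64_t v, uint8_t out[8])
{
    uint64_t u = (uint64_t)v;
    size_t n = 8;
    while (n > 1) {   /* drop leading octets that are pure sign extension */
        uint8_t top  = (uint8_t)(u >> (8 * (n - 1)));
        uint8_t next = (uint8_t)(u >> (8 * (n - 2)));
        if ((top == 0x00 && !(next & 0x80)) || (top == 0xff && (next & 0x80)))
            n--;
        else
            break;
    }
    for (size_t i = 0; i < n; i++)
        out[i] = (uint8_t)(u >> (8 * (n - 1 - i)));
    return n;
}

/* Hypothetical strict decoder: accepts only values that fit a signed 32-bit
 * integer. Returns 0 on success, -1 if the encoding is longer than 4 octets. */
static int der_int32_decode(const uint8_t *p, size_t n, int32_t *out)
{
    if (n == 0 || n > 4)
        return -1;
    uint32_t acc = (p[0] & 0x80) ? 0xffffffffu : 0;   /* sign-extend */
    for (size_t i = 0; i < n; i++)
        acc = (acc << 8) | p[i];
    *out = (int32_t)acc;   /* two's complement conversion (gcc/clang) */
    return 0;
}

int main(void)
{
    uint32_t kvno = 0x80010001u;   /* constructed value above 0x7fffffff */
    uint8_t buf[8];
    int32_t s;
    /* RFC 4120 UInt32: positive value, needs a leading 00 octet (5 octets). */
    size_t n = der_int_encode((int64_t)kvno, buf);
    printf("unsigned: %zu octets, strict int32 decode rc=%d\n",
           n, der_int32_decode(buf, n, &s));
    /* Signed 32-bit reading: same bit pattern, negative, 4 octets. */
    n = der_int_encode((int64_t)(int32_t)kvno, buf);
    printf("signed:   %zu octets, strict int32 decode rc=%d, kvno=0x%08x\n",
           n, der_int32_decode(buf, n, &s), (unsigned)(uint32_t)s);
    return 0;
}
```

For values up to 0x7fffffff both readings produce identical octets, which is why the regression window described above only opens beyond that bound.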


