[31404] in CVS-changelog-for-Kerberos-V5
krb5 commit: Allow only one salt type per enctype in key data
daemon@ATHENA.MIT.EDU (ghudson@mit.edu)
Thu Feb 6 18:02:26 2025
From: ghudson@mit.edu
To: cvs-krb5@mit.edu
Message-Id: <20250206230218.D1684101CA3@krbdev.mit.edu>
Date: Thu, 6 Feb 2025 18:02:18 -0500 (EST)
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/367ccd2fcf8b4adb82bfc7ef9b5f04ff94f80326
commit 367ccd2fcf8b4adb82bfc7ef9b5f04ff94f80326
Author: Greg Hudson <ghudson@mit.edu>
Date: Wed Jan 29 00:22:57 2025 -0500
Allow only one salt type per enctype in key data
In the default libkdb5 password change method, omit requested key/salt
combinations that duplicate an earlier encryption type, even if they
have a different salt type. Any use cases for multiple salts for the
same enctype disappeared with single-DES support. (We already have
this behavior for chrand requests.)
ticket: 9160 (new)
src/lib/kdb/kdb_cpw.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/lib/kdb/kdb_cpw.c b/src/lib/kdb/kdb_cpw.c
index c33c7cf8d..8b012e19e 100644
--- a/src/lib/kdb/kdb_cpw.c
+++ b/src/lib/kdb/kdb_cpw.c
@@ -264,8 +264,7 @@ add_key_pwd(krb5_context context, krb5_keyblock *master_key,
&similar)))
return(retval);
- if (similar &&
- (ks_tuple[j].ks_salttype == ks_tuple[i].ks_salttype))
+ if (similar)
break;
}
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
