[37789] in Kerberos
Re: Option for multiple PA-ETYPE-INFO(2)-ENTRY (old behaviour)
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Nov 18 14:23:37 2016
To: Dameon Wagner <dameon.wagner@it.ox.ac.uk>, kerberos@mit.edu
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <0802e7eb-ba55-24be-0f1a-716d40080c36@mit.edu>
Date: Fri, 18 Nov 2016 14:23:16 -0500
MIME-Version: 1.0
In-Reply-To: <1f8973d3-514d-de16-db6c-ff623ddf30ca@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 11/18/2016 02:08 PM, Greg Hudson wrote:
> Unfortunately, neither backporting the 1.14 tgt rekeying fixes
> nor forward-porting the 1.13 pa-etype-info2 behavior is likely to be
> easy, so I can't offer a solution better than the ones you've already
> determined.
Actually, you could try reintroducing commit
18b02f3e839c007fff54fc9b693f479b7563ec73 to the 1.14 KDC. That's a
pretty simple change, and I think it should work. (We reverted it
because we found a more correct fix for the kinit -k issue we had run into.)
https://github.com/krb5/krb5/commit/18b02f3e839c007fff54fc9b693f479b7563ec73
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
