[16737] in Kerberos_V5_Development
Re: Decrypting KRB_CRED in AP_REQ
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Apr 1 00:15:41 2011
From: Greg Hudson <ghudson@mit.edu>
To: Weijun Wang <weijun.wang@oracle.com>
In-Reply-To: <4D952C9A.7060705@oracle.com>
Date: Fri, 01 Apr 2011 00:15:35 -0400
Message-ID: <1301631335.10465.341.camel@t410>
Mime-Version: 1.0
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Thu, 2011-03-31 at 21:38 -0400, Weijun Wang wrote:
>
> On 03/31/2011 10:52 PM, Greg Hudson wrote:
> > On Thu, 2011-03-31 at 00:17 -0400, Weijun Wang wrote:
> >> Here, it seems the decrypt key should be the session key of the service
> >> ticket. What shall I do if the authenticator has a subkey?
> >
> > You should still use the session key of the service ticket.
> So, the following paragraph on
> http://packages.qa.debian.org/k/krb5/news/20100411T160238Z.html is about
> this issue?
No, that paragraph is about
http://krbdev.mit.edu/rt/Ticket/Display.html?id=6687&user=guest&pass=guest
> I cannot find a bug id related. Is the old behavior back in 1.8.1?
The proper behavior is fixed on the 1.8 branch but may not be in a 1.8
release yet. (It's also fixed in 1.9, of course.) The bug is:
http://krbdev.mit.edu/rt/Ticket/Display.html?id=6768&user=guest&pass=guest
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
