[17030] in Kerberos_V5_Development
Re: Multiple ETYPE-INFO-ENTRY with same etype but different salts
daemon@ATHENA.MIT.EDU (Sam Hartman)
Fri Jul 15 09:30:13 2011
From: Sam Hartman <hartmans@mit.edu>
To: Greg Hudson <ghudson@mit.edu>
Date: Fri, 15 Jul 2011 09:30:04 -0400
In-Reply-To: <1310735811.2694.195.camel@t410> (Greg Hudson's message of "Fri, 15 Jul 2011 09:16:51 -0400")
Message-ID: <tsllivzoen7.fsf@mit.edu>
Cc: Weijun Wang <weijun.wang@oracle.com>, "krbdev@mit.edu" <krbdev@mit.edu>
>>>>> "Greg" == Greg Hudson <ghudson@MIT.EDU> writes:
Greg> It's arguably a bug that we return multiple etype-info2 entries with the
Greg> same enctype, and then (I assume) only try the first key entry matching
Greg> the enctype when decrypting an encrypted-timestamp preauth request. We
Greg> should either prune the etype-info2 entries to one per enctype, or try
Greg> multiple keys against a preauth request.
RFC 6113 recommends pruning the list.
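An added example, not part of the original message and not MIT krb5 code: a sketch of the mismatch discussed in the thread and of the pruning option, which keeps one entry per enctype, taken from the key that would be tried. The `Key` model, the function names, the sample principal data and the client-preference ordering are assumptions of this sketch.

```python
from collections import namedtuple

# Hypothetical model of a principal's stored long-term keys.
Key = namedtuple("Key", "enctype salt kvno")

# Constructed sample: two aes256 (18) keys with different salts, one aes128 (17).
KEYS = [
    Key(18, "EXAMPLE.COMalice", 2),
    Key(18, "alice-old-salt", 2),
    Key(17, "EXAMPLE.COMalice", 2),
]
REQUESTED = [18, 17, 23]  # client's enctype list; 23 has no stored key


def first_key_for(keys, enctype):
    """Key used by a KDC that tries only the first entry matching the enctype."""
    return next((k for k in keys if k.enctype == enctype), None)


def etype_info2_unpruned(keys, requested):
    """One entry per stored key, so an enctype can repeat with different salts."""
    return [(k.enctype, k.salt) for e in requested for k in keys if k.enctype == e]


def etype_info2_pruned(keys, requested):
    """One entry per enctype, taken from the same key that will be tried."""
    out, seen = [], set()
    for e in requested:
        k = first_key_for(keys, e)
        if k is not None and e not in seen:
            seen.add(e)
            out.append((k.enctype, k.salt))
    return out


def ambiguous_enctypes(info):
    """Enctypes advertised with more than one salt (client cannot know which to use)."""
    salts = {}
    for enctype, salt in info:
        salts.setdefault(enctype, set()).add(salt)
    return sorted(e for e, s in salts.items() if len(s) > 1)


if __name__ == "__main__":
    print("unpruned:", etype_info2_unpruned(KEYS, REQUESTED))
    print("ambiguous:", ambiguous_enctypes(etype_info2_unpruned(KEYS, REQUESTED)))
    print("pruned:  ", etype_info2_pruned(KEYS, REQUESTED))
```

With the pruned list, every advertised salt belongs to the key that is checked against the encrypted-timestamp request, so the hint and the verification cannot disagree.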