Re: Propagating MIT-Kerberos Database to Heimdal KDC



Friedrich Delgado Friedrichs <delgado@cert.dfn.de> writes:

> Any success, so far?

Sorry, I haven't had time to look at a real fix for this.

If you are desperate you can try this patch for lib/hdb/mkey.c.  I
haven't really tested this patch in any way, but the principle should
be correct.

/Johan

--- mkey.c	2003/09/19 00:20:20	1.17
+++ mkey.c	2003/10/31 16:49:31
@@ -396,6 +396,12 @@
 			   k->key.keyvalue.data,
 			   k->key.keyvalue.length,
 			   &res);
+	if(ret == KRB5KRB_AP_ERR_BAD_INTEGRITY)
+	    /* XXX try to decrypt with MIT key usage */
+	    ret = krb5_decrypt(context, key->crypto, 0,
+			       k->key.keyvalue.data,
+			       k->key.keyvalue.length,
+			       &res);
 	if (ret)
 	    return ret;
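
Review bot: The retry under "if(ret == KRB5KRB_AP_ERR_BAD_INTEGRITY)" runs for every integrity failure, not only for keys that came from an MIT database, so an entry that is corrupt or was encrypted under a different master key is decrypted a second time with key usage 0 and the caller only sees the error from that second attempt. Consider gating the fallback on an explicit indication that the entry was imported from MIT, keeping the first error code when the retry also fails, and replacing the literal 0 with a named constant. The "XXX" comment should also say which key usage the first call passes and why 0 is the MIT-compatible value, so this compatibility path is documented before it is merged.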