Re: heimdal 0.8-rc3
Love Hörnquist Åstrand wrote:
> 15 jan 2007 kl. 23.24 skrev Douglas E. Engert:
>
>> The code was not checking if this was the case and always using the
>> skey and thus would fail to decrypt PAC_SERVER_CHECKSUM.
>
>
> This is fixed by post 0.8-rc3, I got the same bug report from Andrew
> Bartlett.
>
> Are you sure your patch is correct? I would think it should
> use the o->ticket in the enc_tkt_in_skey case.
I thought that was what I did. If the KDC_OPT_ENC_TKT_IN_SKEY is on,
then use the session key: &o->ticket->ticket.key, otherwise use the
key used to decrypt the ticket, which looked like the o->keyblock.
But looking closer at 791, if (ap_req.ap_options.use_session_key...
Is this where the auth_context->keyblock is copied to the o->keyblock,
the key to be used? In which case the mod should always use the o->keytab.
Then what is the &o->ticket->ticket.key ?
> Do you have any setup
> where you can try out the u2u case easily in a windows domain ?
>
No.
> Love
>
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444