[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: heimdal 0.8-rc3

Love Hörnquist Åstrand wrote:
> 15 jan 2007 kl. 23.24 skrev Douglas E. Engert:
>> The code was not checking if this was the case and always using the
>> skey and thus would fail to decrypt PAC_SERVER_CHECKSUM.
> This is fixed by post 0.8-rc3, I got the same bug report from Andrew 
> Bartlett.
> Are you sure this is correct you patch is correct, I would think it should
> use the o->ticket in the enc_tkt_in_skey case.

I though that was what I did.  If the KDC_OPT_ENC_TKT_IN_SKEY  is on,
then use the session key: &o->ticket->ticket.key  otherwise use the
key used to decrypt the ticket whoich looked liek the o->keyblock.

But looking closer at 791, if (ap_req.ap_options.use_sesion_key...
Is this where the auth_context->keyblock is copied to the o->keyblock
the  key to be used? in which case the mod should always use the o->keytab.

Then what is the &o->ticket->ticket.key ?

 > Do you have any setup
> where you can try out the u2u case easily in a windows domain ?


> Love


  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444