
Re: heimdal 1.0.1 w2k interop



Ooops! This time with attachment :-) A.

> - w2k can parse only PA_ENCTYPE_INFO structure, while heimdal fails to 
> provide this structure, because it fails to identify w2k as "old" client;
> 
> First issue is still present in 1.0.1, because it fails to identify 
> legacy Microsoft cryptotypes as "old" ones. Attached patch does the 
> trick for us [by adding just mentioned cryptotypes to older_enctype()] 
> and [so far] was tested with w2k, wxp, vista, mit krb5 and admitmac.
--- ./kdc/kerberos5.c.orig	2007-08-09 09:47:22.000000000 +0200
+++ ./kdc/kerberos5.c	2007-10-16 10:02:06.000000000 +0200
@@ -362,6 +362,9 @@
     case ETYPE_DES3_CBC_SHA1:
     case ETYPE_ARCFOUR_HMAC_MD5:
     case ETYPE_ARCFOUR_HMAC_MD5_56:
+    case ETYPE_ARCFOUR_MD4:		/* windows specific */
+    case ETYPE_ARCFOUR_HMAC_OLD:
+    case ETYPE_ARCFOUR_HMAC_OLD_EXP:
 	return 1;
     default:
 	return 0;
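
Review bot: the /* windows specific */ comment sits on the ETYPE_ARCFOUR_MD4 case only, so it is unclear whether it also covers ETYPE_ARCFOUR_HMAC_OLD and ETYPE_ARCFOUR_HMAC_OLD_EXP, and it does not say why these belong in this switch. Suggest one comment above the three new cases stating that they are legacy Microsoft enctypes listed so that w2k is treated as an "old" client and receives PA_ENCTYPE_INFO, which is the reason given in the covering message.
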
--- ./lib/asn1/k5.asn1.orig	2007-08-09 09:47:10.000000000 +0200
+++ ./lib/asn1/k5.asn1	2007-10-15 23:39:29.000000000 +0200
@@ -137,6 +137,10 @@
 	ETYPE_ARCFOUR_HMAC_MD5(23),
 	ETYPE_ARCFOUR_HMAC_MD5_56(24),
 	ETYPE_ENCTYPE_PK_CROSS(48),
+-- some "old" windows types
+	ETYPE_ARCFOUR_MD4(-128),
+	ETYPE_ARCFOUR_HMAC_OLD(-133),
+	ETYPE_ARCFOUR_HMAC_OLD_EXP(-135),
 -- these are for Heimdal internal use
 	ETYPE_DES_CBC_NONE(-0x1000),
 	ETYPE_DES3_CBC_NONE(-0x1001),
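
Review bot: the three values added after ETYPE_ENCTYPE_PK_CROSS(48) are negative numbers (-128, -133, -135) and the only explanation is the comment -- some "old" windows types. Suggest citing where these numbers come from, and saying in the comment whether they are defined only so the KDC can recognise them in a client's request, since the patch touches nothing beyond kdc/kerberos5.c and lib/asn1/k5.asn1.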