oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Redo client key handling for AS

Browse Source 
Pick the replykey to be the same as the preauth key, this allows
us to delay the picking of client key to when its needed, this
means that we can have a reply keys for PKINIT that is independant
of what keys the client have.
This commit is contained in:
Love Hornquist Astrand
2009-09-23 00:14:57 -07:00
committed by Love Hornquist Astrand
parent 9a5b9ed720
commit 6df0783c7e
2 changed files with 68 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
kdc/krb5tgs.c
View File

@@ -1633,14 +1633,15 @@ server_lookup:
} else {
Key *skey;
ret = _kdc_find_etype(context, server, b->etype.val, b->etype.len,
&skey, &etype);
ret = _kdc_find_etype(context, server,
b->etype.val, b->etype.len, &skey);
if(ret) {
kdc_log(context, config, 0,
"Server (%s) has no support for etypes", spn);
goto out;
}
ekey = &skey->key;
etype = skey->key.keytype;
kvno = server->entry.kvno;
}