lib/krb5: Allow any kvno to match when searching the keytab.

Windows does not use a KVNO when it checks it's passwords, and MIT
doesn't check the KVNO when no acceptor identity is specified (looping
over all keys in the keytab).

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>

lib/krb5/rd_req.c

@@ -985,8 +985,7 @@ krb5_rd_req_ctx(krb5_context context,
 		goto out;
 	    }
 
-	    if (entry.keyblock.keytype != ap_req.ticket.enc_part.etype ||
-		(kvno && kvno != entry.vno)) {
+	    if (entry.keyblock.keytype != ap_req.ticket.enc_part.etype) {
 		krb5_kt_free_entry (context, &entry);
 		continue;
 	    }