From 86554f5a7f81da1efa2849fa6961ca71ad3b8e90 Mon Sep 17 00:00:00 2001
From: Chaskiel Grundman <cg2v@andrew.cmu.edu>
Date: Wed, 2 Jul 2014 20:24:49 -0400
Subject: [PATCH] Use correct value for anonymous flags

The KDC Option and Ticket Flag for the anonymous extension were changed
from 14 to 16 due to a conflict with S4U2Proxy in version 11 of the anonymous
draft (now RFC6112). Fix the definitions
---
 lib/asn1/krb5.asn1 | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/asn1/krb5.asn1 b/lib/asn1/krb5.asn1
index c51cbbf6a..88c4f687a 100644
--- a/lib/asn1/krb5.asn1
+++ b/lib/asn1/krb5.asn1
@@ -338,8 +338,8 @@ TicketFlags ::= BIT STRING {
 	hw-authent(11),
 	transited-policy-checked(12),
 	ok-as-delegate(13),
-	anonymous(14),
-	enc-pa-rep(15)
+	enc-pa-rep(15),
+	anonymous(16)
 }
 
 KDCOptions ::= BIT STRING {
@@ -351,9 +351,9 @@ KDCOptions ::= BIT STRING {
 	allow-postdate(5),
 	postdated(6),
 	renewable(8),
-	request-anonymous(14),
+	constrained-delegation(14), -- ms extension (aka cname-in-addl-tkt)
 	canonicalize(15),
-	constrained-delegation(16), -- ms extension
+	request-anonymous(16),
 	disable-transited-check(26),
 	renewable-ok(27),
 	enc-tkt-in-skey(28),