Now that we fixed the signed-ness of nonce for windows, remove the

code that removed the signed bit. Instead add comment that they still
need to be the same (Kerberos protocol nonce and pk-init nonce) for Windows.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15055 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/krb5/init_creds_pw.c

@@ -1209,11 +1209,7 @@ init_cred_loop(krb5_context context,
     /* Set a new nonce. */
     krb5_generate_random_block (&ctx->nonce, sizeof(ctx->nonce));
     ctx->nonce &= 0xffffffff;
-#ifdef PKINIT
+    /* XXX these just needs to be the same when using Windows PK-INIT */
-    /* XXX check if it isn't the that nonce is an unsigned
-     * variable so its just a asn1 mismatch */
-    ctx->nonce &= 0x7fffffff;
-#endif
     ctx->pk_nonce = ctx->nonce;
 
 #define MAX_PA_COUNTER 3