Initial patch for dealing with AD x-realm key rollover

AD issues x-realm TGTs with kvno 0. On key x-realm trust key change we need to be able to try current and previous keys for trust, else we will have some failures.
2011-11-11 02:06:48 -06:00
parent b26fc106de
commit c9609cdb37
9 changed files with 105 additions and 47 deletions
--- a/kdc/digest-service.c
+++ b/kdc/digest-service.c
@@ -118,7 +118,7 @@ ntlm_service(void *ctx, const heim_idata *req,
 	if (ret)
 	    goto failed;

-	ret = hdb_enctype2key(context, &user->entry,
+	ret = hdb_enctype2key(context, &user->entry, NULL,
 			      ETYPE_ARCFOUR_HMAC_MD5, &key);
 	if (ret) {
 	    krb5_set_error_message(context, ret, "NTLM missing arcfour key");