kdc: _kdc_find_etype if is_preauth must use long term keys
is_preauth (KFE_IS_PREAUTH is set) might require replying with PA-ETYPE-INFO[2] which requires use of the long-term keys. Without this change is_default_salt_p() can be called with 'key' eq NULL. Change-Id: I513fa768680225d4501d8b390e349a011666d90c
This commit is contained in:
@@ -266,7 +266,7 @@ _kdc_find_etype(astgs_request_t r, uint32_t flags,
|
||||
|
||||
/* check target princ support */
|
||||
key = NULL;
|
||||
if (!(flags & KFE_USE_CLIENT) && princ->etypes) {
|
||||
if (!is_preauth && !(flags & KFE_USE_CLIENT) && princ->etypes) {
|
||||
/*
|
||||
* Use the etypes list from the server's HDB entry instead
|
||||
* of deriving it from its long-term keys. This allows an
|
||||
|
Reference in New Issue
Block a user