kdc: _kdc_find_etype if is_preauth must use long term keys

is_preauth (KFE_IS_PREAUTH is set) might require replying with
PA-ETYPE-INFO[2] which requires use of the long-term keys.
Without this change is_default_salt_p() can be called with 'key'
eq NULL.

Change-Id: I513fa768680225d4501d8b390e349a011666d90c
This commit is contained in:
Jeffrey Altman
2022-01-24 10:41:51 -05:00
parent 31d5c38976
commit eb08f2ecdd

View File

@@ -266,7 +266,7 @@ _kdc_find_etype(astgs_request_t r, uint32_t flags,
/* check target princ support */
key = NULL;
if (!(flags & KFE_USE_CLIENT) && princ->etypes) {
if (!is_preauth && !(flags & KFE_USE_CLIENT) && princ->etypes) {
/*
* Use the etypes list from the server's HDB entry instead
* of deriving it from its long-term keys. This allows an