71fb56309c
The 'use_strongest_session_key' block and its alternate should have similar behavior except for the order in which the enctype lists are processed. This patchset attempts to consolidate the exit processing and ensure that the inner loop enctype and key validation is the same. Bugs fixed: 1. In the 'use_strongest_session_key' case, the _kdc_is_weak_exception() test was applied during the client enctype loop which is only processed for acceptable enctypes. This test is moved to the local supported enctypes loop so as not to filter out weak keys when the service principal has an explicit exception. 2. In the 'use_strongest_session_key' case, the possibility of an enctype having keys with more than one salt was excluded. 3. In the 'use_strongest_session_key' case, the 'key' variable was not reset to NULL within each loop of the client enctype list. 4. In the '!use_strongest_session_key' case, the default salt test and is_preauth was inconsistent with the 'use_strongest_session_key' block. With this consolidation, if no enctype is selected and the service principal is permitted to use 1DES, then 1DES is selected. It doesn't matter whether 'use_strongest_session_key' is in use or not. Change-Id: Ib57264fc8bc23df64c70d39b4f6de48beeb54739
Heimdal is a Kerberos 5 implementation. For information how to install see <http://www.h5l.org/compile.html>. There are briefer man pages for most of the commands. Bug reports and bugs are appreciated, see more under Bug reports in the manual on how we prefer them: <heimdal-bugs@h5l.org>. For more information see the web-page at <http://www.h5l.org/> or the mailing lists: heimdal-announce@sics.se low-volume announcement heimdal-discuss@sics.se high-volume discussion send a mail to heimdal-announce-request@sics.se and heimdal-discuss-request@sics.se respectively to subscribe.