83011252d7
The KDC's _kdc_db_fetch() cals the database's hdb_fetch_kvno() to obtain one or more decrypted versioned key sets. The KDC either requires one specific key set if a non-zero key version number is provided or all key sets. The key version zero indicates that the latest key version should be used. Prior to this change the KDC called hdb_fetch_kvno() with the HDB_F_KVNO_SPECIFIED flag when the kvno is zero breaking cross-realm with Active Directory. As of this change, HDB_F_KVNO_SPECIFIED is set for a non-zero kvno and HDB_F_ALL_KVNOS is set otherwise. Change-Id: I32f4d8da9b601d7bbec7d80cc34d0ff94f6670be
5.4 KiB
5.4 KiB