On Tue, 10 Sep 2002, Tom Yu wrote:

> >>>>> "WF" == Wolfgang Friebel <Wolfgang.Friebel@cern.ch> writes:
> 
> >> Number:         1146
> >> Category:       krb5-clients
> >> Synopsis:       string2key gets wrong salt with Heimdal KDC and converted AFS accounts
> >> Description:
> 
> Thanks for the report and the patch; it will appear in an upcoming
> release.

Tom,

there was a typo in the 3 lines to be included. The test on c must of 
course not be >= 0 but > 0 only. It would even be better to get the salt 
correct in the first place, i.e. at the place where salt->data is set.
Below is the corrected patch:

*** krb5-1.2.5/src/lib/crypto/des/string2key.c	Fri Sep 24 23:17:09 1999
--- krb5-1.2.5/src/lib/crypto/des/string2key.c.new	Fri Aug  9 16:48:39 2002
***************
*** 99,104 ****
--- 99,107 ----
      if (salt) {
        if (salt->length == -1) {
        /* cheat and do AFS string2key instead */
+       char *c;
+       c=strchr(salt->data, '@');
+       if ( c > 0 ) *c = '\0';
        return mit_afs_string_to_key (keyblock, data, salt);
        } else
        length = data->length + salt->length;