Please review the following patch to krb5_string_to_keysalts() in
src/lib/kadm5/str_conv.c.

Index: str_conv.c

===================================================================

--- str_conv.c  (revision 20163)

+++ str_conv.c  (working copy)

@@ -310,7 +310,7 @@

        septmp = ksseplist;

        for (sp = strchr(kp, (int) *septmp);

             *(++septmp) && !sp;

-            ep = strchr(kp, (int) *septmp));

+            sp = strchr(kp, (int) *septmp));

        if (sp) {

            /* Separate enctype from salttype */

@@ -346,6 +346,9 @@

                    krb5_xfree(savep);

                }

+                if (stype == -1)

+                    stype == KRB5_KDB_SALT_TYPETYPE_NORMAL;

+

                /* Save our values */

                (*ksaltp)[(*nksaltp)].ks_enctype = ktype;

                (*ksaltp)[(*nksaltp)].ks_salttype = stype;

The patch corrects an infinite loop in the parsing of 'kp'.

Also, instead of setting the ks_salttype field to -1 which is an invalid
salttype, we default to using the normal salt type instead.

These changes have been in use at a client's site for many years.

Jeffrey Altman