On Nov 9, 2007, at 15:14, Jeffrey Altman via RT wrote: > Please review this patch to kadm5_decrypt_key(). This patch prevents > the returned keyblock's enctype from being coerced to the requested > 'ktype' if the requested 'ktype' == -1. A ktype of -1 is to be > ignored. Is the use of -1 here something that is already happening elsewhere, or something you're adding? I thought we had 0 as the magic enctype value elsewhere, maybe I'm wrong. Ken