Received: from biscayne-one-station.mit.edu (BISCAYNE-ONE-STATION.MIT.EDU [18.7.7.80]) by krbdev.mit.edu (8.12.9) with ESMTP id lA9KSSHW020780; Fri, 9 Nov 2007 15:28:28 -0500 (EST) Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by biscayne-one-station.mit.edu (8.13.6/8.9.2) with ESMTP id lA9KSM6w022857; Fri, 9 Nov 2007 15:28:22 -0500 (EST) Received: from [69.25.196.100] (c-65-96-188-63.hsd1.ma.comcast.net [65.96.188.63]) (authenticated bits=0) (User authenticated as raeburn@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id lA9KSIfU016423 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Fri, 9 Nov 2007 15:28:21 -0500 (EST) In-Reply-To: References: MIME-Version: 1.0 (Apple Message framework v752.2) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-ID: <0F8FCC28-DC0C-4D17-AE22-7BE7C43E58F4@mit.edu> Content-Transfer-Encoding: 7bit From: Ken Raeburn Subject: Re: [krbdev.mit.edu #5840] Prevent kadm5_decrypt_key() from coercing the keytype if the requested ktype == -1 Date: Fri, 9 Nov 2007 15:28:17 -0500 To: rt@krbdev.mit.edu X-Mailer: Apple Mail (2.752.2) X-Scanned-BY: MIMEDefang 2.42 X-Spam-Flag: NO X-Spam-Score: 0.00 RT-Send-Cc: X-RT-Original-Encoding: us-ascii Content-Length: 460 On Nov 9, 2007, at 15:14, Jeffrey Altman via RT wrote: > Please review this patch to kadm5_decrypt_key(). This patch prevents > the returned keyblock's enctype from being coerced to the requested > 'ktype' if the requested 'ktype' == -1. A ktype of -1 is to be > ignored. Is the use of -1 here something that is already happening elsewhere, or something you're adding? I thought we had 0 as the magic enctype value elsewhere, maybe I'm wrong. Ken