Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-RT-Original-Encoding: iso-8859-1 Content-Length: 650 Ken Raeburn via RT wrote: > On Nov 9, 2007, at 15:14, Jeffrey Altman via RT wrote: >> Please review this patch to kadm5_decrypt_key(). This patch prevents >> the returned keyblock's enctype from being coerced to the requested >> 'ktype' if the requested 'ktype' == -1. A ktype of -1 is to be >> ignored. > > Is the use of -1 here something that is already happening elsewhere, > or something you're adding? I thought we had 0 as the magic enctype > value elsewhere, maybe I'm wrong. > > Ken Please read the comment at the top of the function. -1 means that the ktype value should be ignored when searching for the correct keyblock entry.