Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
From: tlyu@mit.edu
Subject: SVN Commit
RT-Send-CC:
X-RT-Original-Encoding: iso-8859-1
Content-Length: 796


pull up r24929 from trunk

 ------------------------------------------------------------------------
 r24929 | ghudson | 2011-05-14 10:49:00 -0400 (Sat, 14 May 2011) | 11 lines

 ticket: 6912
 subject: Use hmac-md5 checksum for PA-FOR-USER padata
 target_version: 1.9.2
 tags: pullup

 The MS-S4U documentation specifies that hmac-md5 be used for
 PA-FOR-USER checksums; we were using the mandatory checksum type for
 the key.  Although some other checksum types appear to be allowed by
 Active Directory KDCs, Richard Silverman reports that md5-des is not
 one of them, causing S4U2Self requests to fail for DES keys.

https://github.com/krb5/krb5/commit/ae3f34ebcca28b009b47973af8d8a163cb9b891a
Commit By: tlyu
Revision: 24954
Changed Files:
U   branches/krb5-1-9/src/lib/krb5/krb/s4u_creds.c