From: ghudson@mit.edu
Subject: git commit

Only include one key in etype-info

As described in RFC 6113 section 2.1, the KDC can choose a single long-term key at the beginning of the preauth conversation based on the request enctype list. Implement this change for the PA-ETYPE-INFO and PA-ETYPE-INFO2 padata included in preauth hint lists, by selecting the client key before checking padata, making the client keyblock available in the preauth rock, and unifying the etype-info handlers to use a single helper function for edata and AS-REP padata.

https://github.com/krb5/krb5/commit/385cd2d07983a89892dad1606e1a41a78066c6ec
Author: Greg Hudson
Commit: 385cd2d07983a89892dad1606e1a41a78066c6ec
Branch: master
 src/kdc/do_as_req.c   |  88 ++++++++++------
 src/kdc/kdc_preauth.c | 269 +++++++++---------------------------------------
 src/kdc/kdc_util.h    |   1 +
 3 files changed, 104 insertions(+), 254 deletions(-)
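
A small model of the key selection the commit message describes, added here as an illustration and not taken from the krb5 source. The struct, the function names, the salts and the sample enctype lists are hypothetical or constructed, and it assumes the KDC takes the first enctype in the request list for which the principal has a long-term key.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for illustration; these are not krb5's types. */
struct client_key {
    int enctype;          /* enctype number, e.g. 18 = aes256-cts-hmac-sha1-96 */
    const char *salt;     /* salt the client needs for string-to-key */
};

/* Walk the request enctype list in order and return the first long-term
 * key of a matching enctype, or NULL if the client has no usable key. */
static const struct client_key *
select_client_key(const int *req_etypes, size_t n_req,
                  const struct client_key *keys, size_t n_keys)
{
    for (size_t i = 0; i < n_req; i++) {
        for (size_t j = 0; j < n_keys; j++) {
            if (keys[j].enctype == req_etypes[i])
                return &keys[j];
        }
    }
    return NULL;
}

/* Fill the etype-info hint from the already-selected key. The same key
 * would be reused for the AS-REP padata, so hint and reply agree.
 * Returns the number of entries written: 0 or 1, never one per key. */
static size_t
make_etype_info(const struct client_key *selected,
                struct client_key *out, size_t out_cap)
{
    if (selected == NULL || out_cap == 0)
        return 0;
    out[0] = *selected;
    return 1;
}

int main(void)
{
    /* Constructed sample data: three stored keys, four requested enctypes. */
    const struct client_key keys[] = {
        { 23, "" }, { 17, "EXAMPLE.COMalice" }, { 18, "EXAMPLE.COMalice" },
    };
    const int req[] = { 20, 18, 17, 23 };   /* no stored key for enctype 20 */
    struct client_key hint[4];
    size_t n = make_etype_info(select_client_key(req, 4, keys, 3), hint, 4);
    printf("entries=%zu enctype=%d\n", n, n ? hint[0].enctype : 0);
    return 0;
}
```

The order of the request list decides the result, not the order in which the keys are stored.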