Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.507 (Entity 5.507)
RT-Send-CC:
X-RT-Original-Encoding: iso-8859-1
Content-Length: 428

Testing confirms that SAM-2 preauth (using the testing "grail" option) 
does not currently work with a non-default salt.

If we add the PA_HARDWARE flag to the etype-info system entries, it 
still doesn't work, because verify_grail_data() insists on a key with 
the normal salt type.  (verify_securid_data_2() does the same thing.)  
But if that call to krb5_dbe_find_enctype() is changed to allow any 
salt type, then it works.