From: ghudson@mit.edu
Subject: git commit

Always use AS-REP enctype in PKINIT client

The get_etype() callback originally only returned the AS-REP enctype
for PKINIT, but was changed for encrypted challenge to sometimes
return the enctype from etype-info.  (Encrypted challenge no longer
uses the callback; PKINIT is currently the only known consumer.)  Make
sure to always return the AS-REP enctype if an AS-REP has been
received, so that the PKINIT clpreauth module uses the correct enctype
even if the KDC sends a different enctype in etype-info in violation
of RFC 4120.

https://github.com/krb5/krb5/commit/0a9bd34b97ebf794b6ddbeb17c274623b445cca4
Author: Greg Hudson
Commit: 0a9bd34b97ebf794b6ddbeb17c274623b445cca4
Branch: master
 src/include/krb5/clpreauth_plugin.h | 7 +++----
 src/lib/krb5/krb/preauth2.c         | 6 +++++-
 2 files changed, 8 insertions(+), 5 deletions(-)