Message-Id: <200103260602.f2Q62iG315661@ratatosk.pdc.kth.se>
Date: Mon, 26 Mar 2001 08:02:44 +0200 (CEST)
From: assar@sics.se
To: krb5-bugs@mit.edu
Cc: hartmans@mit.edu
Subject: kdc accepts etypes in as-req that are not accepted in tgs-req
X-Send-Pr-Version: 3.99

>Number: 934
>Category: krb5-kdc
>Synopsis: kdc accepts etypes in as-req that are not accepted in tgs-req
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Mon Mar 26 01:03:01 EST 2001
>Last-Modified:
>Originator: Assar Westerlund
>Organization: heimdal hackers
>Release: krb5-1.2.2
>Environment: any
>Description:
select_session_keytype will give up krbtgt-tickets with enctypes that will not be accepted when the poor client tries to use these tickets
>How-To-Repeat:
grab your heimdal kinit, get a krbtgt from a MIT kdc, watch it having des-cbc-md5 type, try to obtain an additional ticket, get unhelpful error messages back
>Fix:
--- kdc_util.c~ Wed Feb 28 23:07:28 2001 +++ kdc_util.c Sun Mar 4 07:38:54 2001 
@@ -1456,6 +1456,9 @@ if (!valid_enctype(ktype[i])) continue; + if (!krb5_is_permitted_enctype(context, ktype[i])) + continue; + if (dbentry_supports_enctype(context, server, ktype[i])) return ktype[i]; } >Audit-Trail: >Unformatted:
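Review bot: the added `krb5_is_permitted_enctype(context, ktype[i])` test between `valid_enctype` and `dbentry_supports_enctype` has no comment saying why an otherwise valid enctype is skipped; add one line stating that the session key type must be one the KDC will itself accept when the ticket comes back in a TGS-REQ, which is the mismatch the report describes. The extra `continue` also means more requests can run off the end of the loop without returning an enctype. That fall-through path is outside the visible context, so confirm it produces an error the client can act on, since the report already complains about unhelpful error messages.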