Date: Fri, 14 Oct 2005 13:19:57 -0500
From: Will Fiveash <William.Fiveash@sun.com>
To: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #3207] AS_REP padata missing PA-ETYPE-INFO
Message-Id: <20051014181957.GI6361@sun.com>
References: <rt-3207-14767.1.5727929776947@krbdev.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <rt-3207-14767.1.5727929776947@krbdev.mit.edu>
User-Agent: Mutt/1.5.9i
RT-Send-Cc: 
Content-Length: 970

On Fri, Oct 14, 2005 at 01:55:45PM -0400, william.fiveash@sun.com via RT wrote:
> On Thu, Oct 13, 2005 at 06:56:39PM -0400, Tom Yu via RT wrote:
> > Could you please look at svn revision 17424 to see if it fixes the
> > problem?  My tracing through the code in a debugger shows that it
> > does, but I would like some verification.  Let me know if you prefer a
> > diff rather than pulling the patch out of svn.
> 
> I'm looking at it now.  I'll get back to you shortly.

It looks good to me.  Another way to verify the code is doing the right
thing is set default_tkt_enctypes = des-cbc-rc, kinit for a princ that
has long term keys that include newer enctypes in addition to DES,
capture the krb AS exchange on the wire and examine it with the latest
developer version of ethereal (I recently submitted a patch so it will
parse PA-ETYPE-INFO2 and newer enctypes).  This is how I discovered the
bug.

-- 
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)