Skip Menu |
 

From: ghudson@mit.edu
Subject: SVN Commit

The MS-S4U documentation specifies that hmac-md5 be used for
PA-FOR-USER checksums; we were using the mandatory checksum type for
the key. Although some other checksum types appear to be allowed by
Active Directory KDCs, Richard Silverman reports that md5-des is not
one of them, causing S4U2Self requests to fail for DES keys.


https://github.com/krb5/krb5/commit/582eacef47c1a9c9386bf588978125322ac6b970
Commit By: ghudson
Revision: 24929
Changed Files:
U trunk/src/lib/krb5/krb/s4u_creds.c
From: tlyu@mit.edu
Subject: SVN Commit

pull up r24929 from trunk

------------------------------------------------------------------------
r24929 | ghudson | 2011-05-14 10:49:00 -0400 (Sat, 14 May 2011) | 11 lines

ticket: 6912
subject: Use hmac-md5 checksum for PA-FOR-USER padata
target_version: 1.9.2
tags: pullup

The MS-S4U documentation specifies that hmac-md5 be used for
PA-FOR-USER checksums; we were using the mandatory checksum type for
the key. Although some other checksum types appear to be allowed by
Active Directory KDCs, Richard Silverman reports that md5-des is not
one of them, causing S4U2Self requests to fail for DES keys.

https://github.com/krb5/krb5/commit/ae3f34ebcca28b009b47973af8d8a163cb9b891a
Commit By: tlyu
Revision: 24954
Changed Files:
U branches/krb5-1-9/src/lib/krb5/krb/s4u_creds.c