Skip Menu |
 

From: ghudson@mit.edu
Subject: git commit

Change KRB5KDC_ERR_NO_ACCEPTABLE_KDF to 100

draft-ietf-krb-wg-pkinit-alg-agility-07 specifies
KDC_ERR_NO_ACCEPTABLE_KDF as 82, but this value conflicts with
KRB_AP_ERR_PRINCIPAL_UNKNOWN from RFC 6111. The former value has been
reassigned to 100 to fix the conflict. Use the correct value.

We believe that this error won't crop up in practice for a long time
(when SHA-2 has been superceded by other hash algorithms and people
are desupporting it), by which time implementations will mostly have
been upgraded to use the new value.

https://github.com/krb5/krb5/commit/2938851a5ec77ab68bcd1f5cfd07991c7ccabea6
Author: Greg Hudson <ghudson@mit.edu>
Commit: 2938851a5ec77ab68bcd1f5cfd07991c7ccabea6
Branch: master
src/lib/krb5/error_tables/krb5_err.et | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
It would be good to backport this to 1.11.x and 1.10.x as well, to get as
many deployments as possible to use the new value of the error code.
From: tlyu@mit.edu
Subject: git commit

Change KRB5KDC_ERR_NO_ACCEPTABLE_KDF to 100

draft-ietf-krb-wg-pkinit-alg-agility-07 specifies
KDC_ERR_NO_ACCEPTABLE_KDF as 82, but this value conflicts with
KRB_AP_ERR_PRINCIPAL_UNKNOWN from RFC 6111. The former value has been
reassigned to 100 to fix the conflict. Use the correct value.

We believe that this error won't crop up in practice for a long time
(when SHA-2 has been superceded by other hash algorithms and people
are desupporting it), by which time implementations will mostly have
been upgraded to use the new value.

(cherry picked from commit 2938851a5ec77ab68bcd1f5cfd07991c7ccabea6)

https://github.com/krb5/krb5/commit/94ab21f043c26c8fc79a01b1828f6fd0bbb5462b
Author: Greg Hudson <ghudson@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 94ab21f043c26c8fc79a01b1828f6fd0bbb5462b
Branch: krb5-1.12
src/lib/krb5/error_tables/krb5_err.et | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)