diff options
| author | Simo Sorce <ssorce@redhat.com> | 2008-08-12 16:11:16 -0400 |
|---|---|---|
| committer | Simo Sorce <ssorce@redhat.com> | 2008-09-10 15:43:40 -0400 |
| commit | f3d5578b9448de08f678debcad6ae8110d8c20c4 (patch) | |
| tree | e53a95cc5dd55c34f94e5e59ddae98c0f356f1a2 | |
| parent | 337c9abb277bc678d2034155aac484ada2d7025e (diff) | |
| download | freeipa-f3d5578b9448de08f678debcad6ae8110d8c20c4.tar.gz freeipa-f3d5578b9448de08f678debcad6ae8110d8c20c4.tar.xz freeipa-f3d5578b9448de08f678debcad6ae8110d8c20c4.zip | |
Comment out code that generates keys with a random salt, apparently this does not work as expected and generates faulty keys
| -rw-r--r-- | ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c index b20340df..60b40212 100644 --- a/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c +++ b/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c @@ -576,6 +576,7 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg, * we have to use a more conservative approach and set the salt * to be REALMprincipal (the concatenation of REALM and principal * name without any separator) */ +#if 0 if (krbTicketFlags & KTF_REQUIRES_PRE_AUTH) { salt.length = KRB5P_SALT_SIZE; salt.data = malloc(KRB5P_SALT_SIZE); @@ -592,6 +593,7 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg, goto enc_error; } } else { +#endif krberr = krb5_principal2salt(krbctx, princ, &salt); if (krberr) { slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", @@ -599,7 +601,9 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg, krb5_get_error_message(krbctx, krberr)); goto enc_error; } +#if 0 } +#endif break; case KRB5_KDB_SALTTYPE_V4: |