diff options
author | Sam Hartman <hartmans@mit.edu> | 2009-05-07 20:35:28 +0000 |
---|---|---|
committer | Sam Hartman <hartmans@mit.edu> | 2009-05-07 20:35:28 +0000 |
commit | 56e9c98f2871f78130baf3f7c63ce2abe76e02f6 (patch) | |
tree | 790497f574323c9b0ea86cd297f50abb65ef4c44 /src/lib/krb5/libkrb5.exports | |
parent | e464cdfe7e7d969033126bb33febc98ccd75aee9 (diff) | |
download | krb5-56e9c98f2871f78130baf3f7c63ce2abe76e02f6.tar.gz krb5-56e9c98f2871f78130baf3f7c63ce2abe76e02f6.tar.xz krb5-56e9c98f2871f78130baf3f7c63ce2abe76e02f6.zip |
Try decrypting using session key if subkey fails in tgs rep handling
Heimdal at least up through 1.2 incorrectly encrypts the TGS response
in the session key not the subkey when a subkey is supplied. See RFC
4120 page 35. Work around this by trying decryption using the session
key after the subkey fails.
* decode_kdc_rep.c: rename to krb5int_decode_tgs_rep; only used for
TGS and now needs to take keyusage
* gc_via_tkt: pass in session key and appropriate usage if subkey
fails.
Note that the dead code to process AS responses in decode_kdc_rep is
not removed by this commit. That will be removed as FAST TGS client
support is integrated post 1.7.
ticket: 6484
Tags: pullup
Target_Version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22325 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/libkrb5.exports')
-rw-r--r-- | src/lib/krb5/libkrb5.exports | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports index 45e5002f0..bd50fddb5 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports @@ -185,7 +185,6 @@ krb5_copy_ticket krb5_create_secure_file krb5_crypto_us_timeofday krb5_decode_authdata_container -krb5_decode_kdc_rep krb5_decode_ticket krb5_decrypt_tkt_part krb5_default_pwd_prompt1 |