Added support for alternate key/salt; attempt to use a V4 salttype if

possible.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2438 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 18 insertions, 3 deletions

diff --git a/src/kdc/kerberos_v4.c b/src/kdc/kerberos_v4.c
index dfd4ac984..928d97da1 100644
--- a/src/kdc/kerberos_v4.c
+++ b/src/kdc/kerberos_v4.c
@@ -636,9 +636,24 @@ kerb_get_principal(name, inst, principal, maxn, more)
 		  (int) name, (int) inst, entries.key.keytype);
 	nprinc = 0;
 	goto cleanup;
-    } else if (! compat_decrypt_key( &entries.key, k)) {
-	bcopy(		k,	&principal->key_low,  LONGLEN);
-	bcopy((long *) 	k + 1,	&principal->key_high, LONGLEN);
+    } else {
+ 	/*
+	 * If the primary key's salt type is not V4, use the alternate
+	 * key instead, if it exists.
+	 */
+ 	if (entries.salt_type != KRB5_KDB_SALTTYPE_V4 &&
+	    entries.alt_key.length) {
+ 	    if (! compat_decrypt_key( &entries.alt_key,k)){
+ 		bcopy(              k,      &principal->key_low,  LONGLEN);
+             	bcopy((long *)      k + 1,  &principal->key_high, LONGLEN);
+	    }
+ 	}
+ 	else {
+ 	    if (! compat_decrypt_key( &entries.key, k)) {
+             	bcopy(              k,      &principal->key_low,  LONGLEN);
+             	bcopy((long *)      k + 1,  &principal->key_high, LONGLEN);
+	    }
+ 	}
     }
     /* convert v5's entries struct to v4's Principal struct:
      * v5's time-unit for lifetimes is 1 sec, while v4 uses 5 minutes.