authorKen Raeburn <raeburn@mit.edu>2000-02-07 03:55:12 +0000
committerKen Raeburn <raeburn@mit.edu>2000-02-07 03:55:12 +0000
commit4d5d309d8a0198ca49fd0f9cde7d3f990fcf8e52 (patch)
tree22596fb59a5320a438b07462ffa58d5c192b5c79 /src
parent0ae4a76a7a6b52210e4ee65fad298d9f5c1d484b (diff)
updated some comments (fcusack)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12009 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
-rw-r--r--src/lib/krb5/krb/get_in_tkt.c6
-rw-r--r--src/lib/krb5/krb/preauth2.c9
2 files changed, 9 insertions, 6 deletions
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index 86978f360..84fdb5213 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -960,6 +960,12 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data,
/* XXX if there's padata on output, something is wrong, but it's
not obviously an error */
+ /* XXX For 1.1.1 and prior KDC's, when SAM is used w/ USE_SAD_AS_KEY,
+ the AS_REP comes back encrypted in the user's longterm key
+ instead of in the SAD. If there was a SAM preauth, there
+ will be an as_key here which will be the SAD. If that fails,
+ use the gak_fct to get the password, and try again. */
+
/* XXX because etypes are handled poorly (particularly wrt SAM,
where the etype is fixed by the kdc), we may want to try
decrypt_as_reply twice. If there's an as_key available, try
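Review bot: In the added comment, "If that fails" has no referent: the sentence before it only says an as_key holding the SAD will be present, not that a decryption is attempted with it. Because this fallback determines which key the client ends up accepting the AS_REP under, the wording should name the step, e.g. `If decrypting the AS_REP with that as_key fails, use the gak_fct to get the password, and try again.` The new comment also appears to overlap with the XXX comment right after it about trying decrypt_as_reply twice; if both describe the same retry, merging them would avoid two slightly different accounts of one code path. The code these comments describe lies outside the hunk.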
diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c
index 5771170c3..94a22d396 100644
--- a/src/lib/krb5/krb/preauth2.c
+++ b/src/lib/krb5/krb/preauth2.c
@@ -105,11 +105,6 @@ krb5_error_code pa_enc_timestamp(krb5_context context,
krb5_enc_data enc_data;
krb5_pa_data *pa;
- /*
- * We need to use the password as part or all of the key.
- * If as_key contains info, it should be the users pass phrase.
- * If not, get the password before issuing the challenge.
- */
if (as_key->length == 0) {
if (ret = ((*gak_fct)(context, request->client,
request->ktype[0], prompter, prompter_data,
@@ -316,7 +311,9 @@ krb5_error_code pa_sam(krb5_context context,
salt = NULL;
#endif
- /* XXX the server uses this fixed enctype, so we will, too. */
+ /* XXX As of the passwords-04 draft, no enctype is specified,
+ the server uses ENCTYPE_DES_CBC_MD5. In the future the
+ server should send a PA-SAM-ETYPE-INFO containing the enctype. */
ret = krb5_c_string_to_key(context, ENCTYPE_DES_CBC_MD5,
&response_data, salt, as_key);
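Review bot: The rewritten comment above the krb5_c_string_to_key call explains where the fixed ENCTYPE_DES_CBC_MD5 comes from but not what the client is relying on: the as_key derived from the SAM response is always a DES key, and nothing in the visible lines checks that the KDC actually used that enctype. I would state that assumption and fix the run-on sentence, e.g. `As of the passwords-04 draft no enctype is specified; the server uses ENCTYPE_DES_CBC_MD5, so we assume the same here.` A marker such as `TODO: take the enctype from PA-SAM-ETYPE-INFO once the server sends it` would make the intended follow-up easy to find. pa_sam continues outside the hunk, so the handling of `ret` cannot be judged from here.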