Re: Checksum in mk_req_internal



Ake Sandgren <ake@cs.umu.se> writes:
> Heimdal 0.1c:
> In make_pa_tgs_req there is a check of the initial ticket for CBC_CRC
> encryption where the comment talks about DCE. It sets ac->...checksumtype to
> RSA_MD4, ac->enctype to CBC_CRC and then calls krb5_mk_req_internal.
> It in turn totally ignores that and uses CRC32 instead (as a result of
> calling crypto_init with CBC_CRC from ac->enctype).

Do you really get that far?  Doesn't krb5_auth_setcksumtype dump core?

So, it uses CRC32 instead of MD4 which is not optimal, but it doesn't
break, does it?  As far as I remember, that kludge was added because
otherwise the code would try to use MD5 which the DCE code didn't
understand (or implemented incorrectly).  Is it really worth keeping
the kludge now that the code seems to work (even if not optimally) by
itself?

/assar