[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Propagating MIT-Kerberos Database to Heimdal KDC

To: Heimdal Discussion List <heimdal-discuss@sics.se>
Subject: Re: Propagating MIT-Kerberos Database to Heimdal KDC
From: joda@pdc.kth.se (Johan Danielsson)
Date: Fri, 31 Oct 2003 17:55:09 +0100
In-Reply-To: <20031031153820.GA23213@titan.cert.dfn.de> (Friedrich DelgadoFriedrichs's message of "Fri, 31 Oct 2003 16:38:21 +0100")
References: <20031021132510.GA2857@titan.cert.dfn.de><xofd6cqef7o.fsf@blubb.pdc.kth.se><20031022113958.GA8271@titan.cert.dfn.de><xofvfqhcpxn.fsf@blubb.pdc.kth.se><20031024115420.GA16820@titan.cert.dfn.de><xofk76qrg3q.fsf@blubb.pdc.kth.se><20031031153820.GA23213@titan.cert.dfn.de>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.1002 (Gnus v5.10.2) Emacs/20.7 (berkeley-unix)

Friedrich Delgado Friedrichs <delgado@cert.dfn.de> writes:

> Any success, so far?

Sorry I haven't had time to look at a real fix for this. 

If you are desperate you can try this patch for lib/hdb/mkey.c.  I
haven't really tested this patch in any way, but the principle should
be correct.

/Johan

--- mkey.c	2003/09/19 00:20:20	1.17
+++ mkey.c	2003/10/31 16:49:31
@@ -396,6 +396,12 @@
 			   k->key.keyvalue.data,
 			   k->key.keyvalue.length,
 			   &res);
+	if(ret == KRB5KRB_AP_ERR_BAD_INTEGRITY)
+	    /* XXX try to decrypt with MIT key usage */
+	    ret = krb5_decrypt(context, key->crypto, 0,
+			       k->key.keyvalue.data,
+			       k->key.keyvalue.length,
+			       &res);
 	if (ret)
 	    return ret;

References:
- Propagating MIT-Kerberos Database to Heimdal KDC
  - From: delgado@cert.dfn.de
- Re: Propagating MIT-Kerberos Database to Heimdal KDC
  - From: joda@pdc.kth.se (Johan Danielsson)
- Re: Propagating MIT-Kerberos Database to Heimdal KDC
  - From: Friedrich Delgado Friedrichs <delgado@cert.dfn.de>
- Re: Propagating MIT-Kerberos Database to Heimdal KDC
  - From: joda@pdc.kth.se (Johan Danielsson)
- Re: Propagating MIT-Kerberos Database to Heimdal KDC
  - From: Friedrich Delgado Friedrichs <delgado@cert.dfn.de>
- Re: Propagating MIT-Kerberos Database to Heimdal KDC
  - From: joda@pdc.kth.se (Johan Danielsson)
- Re: Propagating MIT-Kerberos Database to Heimdal KDC
  - From: Friedrich Delgado Friedrichs <delgado@cert.dfn.de>

Prev by Date: Re: Preautentication support
Prev by thread: Re: Propagating MIT-Kerberos Database to Heimdal KDC
Next by thread: Cobalt installation
Index(es):
- Date
- Thread