Try forwarding with no enctype restriction if forwarding with an

enctype restriction fails.  This is sufficient for 1.3.

Ticket: 1473

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15431 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index acce4eadb7b0f977e266bb22af2e60aae9a5ba92..14026dc28101cb490744576c350073ab064534e5 100644 (file)
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,5 +1,8 @@
 2003-05-13  Sam Hartman  <hartmans@mit.edu>
 
+       * fwd_tgt.c (krb5_fwd_tgt_creds): Try with no specified enctype if
+       forwarding a specific enctype fails. l
+
        * get_in_tkt.c (krb5_get_init_creds): Free s2kparams
 
        * preauth2.c (krb5_do_preauth): Fix memory management

diff --git a/src/lib/krb5/krb/fwd_tgt.c b/src/lib/krb5/krb/fwd_tgt.c
index aa42f8cc16139f17b2e6105e44f765cc172a92f1..844536bbd6b603e7172790d5346d96f58a5f2ace 100644 (file)
--- a/src/lib/krb5/krb/fwd_tgt.c
+++ b/src/lib/krb5/krb/fwd_tgt.c
@@ -161,9 +161,15 @@ retval = KRB5_FWD_BAD_PRINCIPAL;
       kdcoptions &= ~(KDC_OPT_FORWARDABLE);
 
     if ((retval = krb5_get_cred_via_tkt(context, &tgt, kdcoptions,
-                                       addrs, &creds, &pcreds)))
-        goto errout;
-
+                                       addrs, &creds, &pcreds))) {
+       if (enctype) {
+           creds.keyblock.enctype = 0;
+           if ((retval = krb5_get_cred_via_tkt(context, &tgt, kdcoptions,
+                                               addrs, &creds, &pcreds))) 
+               goto errout;
+       }
+       else goto errout;
+    }
     retval = krb5_mk_1cred(context, auth_context, pcreds,
                            &scratch, &replaydata);
     krb5_free_creds(context, pcreds);