Fix bug in finding the tgs key;

we really really want to avoid encrypting v4 tickets in DES3 keys.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7407 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/krb524/ChangeLog b/src/krb524/ChangeLog
index d95aa09c570fe67bf04130f7cf0c09815b0c7101..359d7a60853d80742af601ffd7d0cc2c6784e251 100644 (file)
--- a/src/krb524/ChangeLog
+++ b/src/krb524/ChangeLog
@@ -1,3 +1,10 @@
+Sat Jan 27 01:31:12 1996  Sam Hartman  <hartmans@tertius.mit.edu>
+
+       * krb524d.c (kdc_get_server_key): If an enctype is given, then use
+        iit even after falling back from trying a v4salt.  If we don't, we
+        have a good chance fo getting the DES3 TGT service key, and that
+        just doesn't do what we want.
+
 Thu Jan 25 02:07:46 1996  Sam Hartman  <hartmans@tertius.mit.edu>
 
        * cnv_tkt_skey.c (krb524_convert_tkt_skey): Take both a v5 and v4

diff --git a/src/krb524/cnv_tkt_skey.c b/src/krb524/cnv_tkt_skey.c
index 8423197705a4d2af13bed215fc2c72c53ebef5d4..f4d97f83a99eb400516effaaf28b3ef3835f0cf1 100644 (file)
--- a/src/krb524/cnv_tkt_skey.c
+++ b/src/krb524/cnv_tkt_skey.c
@@ -1,3 +1,4 @@
+
 /*
  * Copyright 1994 by OpenVision Technologies, Inc.
  * 

diff --git a/src/krb524/krb524d.c b/src/krb524/krb524d.c
index e062a3392d7a64cea39b4c157fbaf1fa3044495e..396056b899b7483026672ee17f264f130639f782 100644 (file)
--- a/src/krb524/krb524d.c
+++ b/src/krb524/krb524d.c
@@ -441,7 +441,7 @@ krb5_error_code kdc_get_server_key(context, service, key, kvno, ktype)
     krb5_principal service;
     krb5_keyblock *key;
     krb5_kvno *kvno;
-krb5_enctype ktype;
+    krb5_enctype ktype;
 {
     krb5_error_code ret;
     int nprincs;
@@ -476,7 +476,7 @@ krb5_enctype ktype;
                              &pkey) &&
        krb5_dbe_find_enctype(context,
                              &server,
-                             -1,
+                             ktype,
                              -1,
                              -1,
                              &pkey))