tags 527353 =confirmed, upstream severity 527353 serious retitle 527353 MIT Kerberos 1.7 TGS-req fails to interoperate with Heimdal KDC reassign 527353 libkrb5-3 thanks
MIT Kerberos 1.7 sends a TGS req authenticator subkey. According to the top of page 35 of RFC 4120, Heimdal should encrypt the response using the TGS-req subkey. However Heimdal encrypts the response using the ticket key. Heimdal is wrong, but we need to work with it. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
