On Fri, Jul 26, 2013 at 7:33 AM, Sergio Gelato <[email protected]> wrote:

> * Ragnar Sundblad [2013-07-26 13:01:00 +0200]:
> > >> I believe you should change the test to also check that ret_key == NULL:
> > >>        if (clientbest != ETYPE_NULL && enctype == ETYPE_NULL && ret_key == NULL) {
> > >>            enctype = clientbest;
> > >>            ret = 0;
> > >>    }
> > >> since if there is no common key-type, key will be NULL, and the later
> > >>        if (ret == 0 && ret_key != NULL)
> > >>            *ret_key = key;
> > >> will return a NULL pointer.
> > >
> > > Yes, good point.
> >
> > (Please double check that this is correct, I haven't tried it, only read it. :-)
>
> I'm compiling my next (and hopefully final) iteration right now.
> I went for this variant:
>         if (clientbest != (krb5_enctype)ETYPE_NULL &&
>             enctype == (krb5_enctype)ETYPE_NULL) {
>             enctype = clientbest;
>             if (ret_key == NULL)
>                 ret = 0;
>         }
>
> This plus
[kdc]svc-use-strongest-session-key=true

Works.

-- 
Derrick
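
The failure mode discussed in this thread, as an added example that is not part of any message above and is not Heimdal's code: a simplified model of the fallback to `clientbest`, showing that reporting success when the caller asked for a key hands back a NULL pointer. The function `model_find_etype`, its `guard` flag, the local stand-in types, the error code and the enctype numbers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Local stand-ins for illustration; not Heimdal's own definitions. */
typedef int krb5_enctype;
#define ETYPE_NULL 0
#define ERR_NO_ETYPE (-1)            /* constructed error code */
typedef struct { krb5_enctype keytype; } Key;

/* Hypothetical model of the end of the enctype selection.
 * common_key: key of an enctype shared by client and service, or NULL.
 * guard = 1:  fallback reports success only when ret_key == NULL
 *             (the variant quoted in the thread).
 * guard = 0:  fallback always reports success (check omitted). */
static int model_find_etype(const Key *common_key, krb5_enctype clientbest,
                            int guard, krb5_enctype *ret_enctype,
                            const Key **ret_key)
{
    int ret = ERR_NO_ETYPE;
    krb5_enctype enctype = ETYPE_NULL;
    const Key *key = common_key;

    if (key != NULL) {               /* a common key type was found */
        enctype = key->keytype;
        ret = 0;
    }
    if (clientbest != (krb5_enctype)ETYPE_NULL &&
        enctype == (krb5_enctype)ETYPE_NULL) {
        enctype = clientbest;
        if (!guard || ret_key == NULL)
            ret = 0;
    }
    if (ret == 0 && ret_enctype != NULL)
        *ret_enctype = enctype;
    if (ret == 0 && ret_key != NULL)
        *ret_key = key;              /* NULL here if no common key type */
    return ret;
}

/* Returns 1 if the call reports success yet hands back a NULL key. */
static int success_with_null_key(int guard)
{
    const Key *out = NULL;
    krb5_enctype et = ETYPE_NULL;
    int ret = model_find_etype(NULL, 18 /* constructed value */, guard, &et, &out);
    return ret == 0 && out == NULL;
}

int main(void)
{
    printf("unguarded: %d, guarded: %d\n",
           success_with_null_key(0), success_with_null_key(1));
    return 0;
}
```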
