On Tue, 2011-11-29 at 10:13 +0100, Sumit Bose wrote:
> On Mon, Nov 28, 2011 at 07:43:57PM -0500, Simo Sorce wrote:
> > On Thu, 2011-11-24 at 13:54 +0100, Sumit Bose wrote:
> > > I think I found two issues which should be fixed by the following
> > > patch:
> > > - krb5_pac_add_buffer() expects krb
On Mon, Nov 28, 2011 at 07:43:57PM -0500, Simo Sorce wrote:
> On Thu, 2011-11-24 at 13:54 +0100, Sumit Bose wrote:
> > I think I found two issues which should be fixed by the following
> > patch:
> > - krb5_pac_add_buffer() expects krb5_pac and not krb5_pac * as a
> > second
> >argument
>
> g
On Thu, 2011-11-24 at 13:54 +0100, Sumit Bose wrote:
> I think I found two issues which should be fixed by the following
> patch:
> - krb5_pac_add_buffer() expects krb5_pac and not krb5_pac * as a
> second
>argument
good catch
> - your patch copies all buffers, including the checksums, whic
On Wed, Nov 23, 2011 at 11:53:11AM +0100, Sumit Bose wrote:
> On Tue, Nov 22, 2011 at 07:10:54PM -0500, Simo Sorce wrote:
> > In some cases the KDC will decide to use a different checksum type when
> > re-signing a PAC to include it in a service ticket.
> >
> > This is common in a cross-realm trus
On Tue, Nov 22, 2011 at 07:10:54PM -0500, Simo Sorce wrote:
> In some cases the KDC will decide to use a different checksum type when
> re-signing a PAC to include it in a service ticket.
>
> This is common in a cross-realm trust with AD as most AD DCs will use a
> HMAC-MD5-RC4 checksum while IPA'
In some cases the KDC will decide to use a different checksum type when
re-signing a PAC to include it in a service ticket.
This is common in a cross-realm trust with AD as most AD DCs will use a
HMAC-MD5-RC4 checksum while IPA's KDC will instead choose to use
HMAC-SHA-AES when re-signing the PAC.