heimdal:kdc: Only check for default salt for des-cbc-crc enctype
author Joseph Sutton <josephsutton@catalyst.net.nz>
Fri, 8 Oct 2021 02:53:47 +0000 (15:53 +1300)
committer Andrew Bartlett <abartlet@samba.org>
Thu, 14 Oct 2021 18:59:31 +0000 (18:59 +0000)
commit 8e1efd8bd3bf698dc0b6ed2081919f49b1412b53
tree 3638e690493bda3148537ffba9c11f769995ce60
parent 7cfc225b549108739bd86e222f2f35eb96af4ea3
heimdal:kdc: Only check for default salt for des-cbc-crc enctype

Previously, this algorithm was preferring RC4 over AES for machine
accounts in the preauth case. This is because AES keys for machine
accounts in Active Directory use a non-default salt, while RC4 keys do
not use a salt. To avoid this behaviour, only prefer keys with default
salt for the des-cbc-crc enctype.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14864

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
selftest/knownfail_heimdal_kdc
source4/heimdal/kdc/kerberos5.c