allow multiple passwords per account in krb5. (I think this was
intened to allow multiple salts)
- - When sending the enc-type negotiation, we call get_pa_etype_info if
- there are only 'old' enc types present, but always call
- get_pa_etype_info2. It would seem more logical to have an
- either/or, or only send both to clients that show signs of knowing
- about the old enc types.
- - Perhaps this is to cope with clients that expect the older info in
- the first position? (Comments needed)
-
State Machine safety
--------------------
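Review bot: The second removed bullet ("Perhaps this is to cope with clients that expect the older info in the first position? (Comments needed)") is dropped as if it were answered, but the replacement code comment only states that 'info' goes first in the list, not why. Either say in that comment why the order matters, or leave a one-line pointer here to where the behaviour is now documented. While this file is being touched, the context line above has a typo: "intened" should be "intended".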
pa->padata_value.data = NULL;
#endif
+ /* RFC4120 requires:
+ - If the client only knows about old enctypes, then send both info replies
+ (we send 'info' first in the list).
+ - If the client is 'modern', because it knows about 'new' enc types, then
+ only send the 'info2' reply.
+ */
/* XXX check ret */
if (only_older_enctype_p(req))
ret = get_pa_etype_info(context, config, &method_data, &client->entry,
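Review bot: The new comment says "RFC4120 requires" without a section number, and it sits directly above "/* XXX check ret */", which this change leaves unresolved: the result of get_pa_etype_info() is assigned to ret in the only_older_enctype_p(req) branch and no check is visible in this hunk. Add the section reference so the "requires" claim can be verified against the RFC, and either handle a failing ret before continuing or replace the XXX with a note on why the value can be ignored.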