MIT kerberos 1.13 and older only stores 8 bits of the KVNO. The change
from commit
35b2fb4ff32 resulted in breakage for these kerberos
versions: 'net ads keytab create' reads a large KVNO from AD, and only
the lower 8 bits are stored. The next check then removed the entry again
as the 8 bit value did not match the currently valid KVNO.
Fix this by limiting the check to only 8 bits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13478
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Sat Jun 23 00:57:47 CEST 2018 on sn-devel-144
(cherry picked from commit
97eaeea6a130871cfac5be42459380c0c4e0fae6)
}
if (!flush &&
- (kt_entry.vno == kvno) &&
+ ((kt_entry.vno & 0xff) == (kvno & 0xff)) &&
(kt_entry_enctype != enctype))
{
DEBUG(5, (__location__ ": Saving entry with kvno [%d] "