rocket-tools/riscv-gnu-toolchain/qemu/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/krb5.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Greg Hudson <ghudson@mit.edu>	2009-05-19 23:17:49 +0000
committer	Greg Hudson <ghudson@mit.edu>	2009-05-19 23:17:49 +0000
commit	05c7822d0e5118df745685ab2f9b20fe07dcfb6c (patch)
tree	7af1977cff48a484b7d7d4a79dc8080d49b680b3 /src/lib/crypto
parent	29e1669d344682c8b44b60c1e299b4b59308e70c (diff)
download	krb5-05c7822d0e5118df745685ab2f9b20fe07dcfb6c.zip krb5-05c7822d0e5118df745685ab2f9b20fe07dcfb6c.tar.gz krb5-05c7822d0e5118df745685ab2f9b20fe07dcfb6c.tar.bz2

When using keyed checksum types with TGS subkeys, Microsoft AD 2003

verifies the checksum using the subkey, whereas MIT and Heimdal verify it using the TGS session key. (RFC 4120 is actually silent on which is correct; RFC 4757 specifies the TGS session key.) To sidestep this interop issue, don't use keyed checksum types with RC4 keys without explicit configuration in krb5.conf. Using keyed checksum types with AES is fine since, experimentally, AD 2008 accepts checksums keyed with the TGS session key. ticket: 6490 status: open tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22356 dc483132-0cff-0310-8789-dd5450dbe970

Diffstat (limited to 'src/lib/crypto')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: