On Fri, 2011-11-04 at 15:15 -0400, Nalin Dahyabhai wrote: > On Thu, Nov 03, 2011 at 06:26:15PM -0400, Simo Sorce wrote: > > As stated in the bug in order to attain better interoperability with > > Windows clients we need to change the way we generate the random salt. > > Nack. The data in a krb5_data is of type 'char', and if it's signed, > the math used here doesn't produce a printable result. Might also want > to increase KRB5P_SALT_SIZE.
Ah crap, right. I initially used a safe construct: data[i] &= 0x5F Then realized that one of the possible values (5F + 20 = 7F) is unprintable, so I switched to this unsafe one. Will get a revised patch for ipa-2-1 and an amendment for master. Thanks a lot for spotting this one! Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
