On 11/18/2016 02:08 PM, Greg Hudson wrote: > Unfortunately, neither backporting the 1.14 tgt rekeying fixes > nor forward-porting the 1.13 pa-etype-info2 behavior is likely to be > easy, so I can't offer a solution better than the ones you've already > determined.
Actually, you could try reintroducing commit 18b02f3e839c007fff54fc9b693f479b7563ec73 to the 1.14 KDC. That's a pretty simple change, and I think it should work. (We reverted it because we found a more correct fix for the kinit -k issue we had run into.) https://github.com/krb5/krb5/commit/18b02f3e839c007fff54fc9b693f479b7563ec73 ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
