On Mon, May 26, 2014 at 4:45 AM, Frank Steinberg
wrote:
> Am 25.05.2014 um 05:14 schrieb Greg Hudson :
>> If you decide to go with patching the KDC, the candidate fixes are here:
>>
>> https://github.com/krb5/krb5/pull/129
>>
>> These changes should get pushed to master within a week or so, and
>>
Am 25.05.2014 um 05:14 schrieb Greg Hudson :
> If you decide to go with patching the KDC, the candidate fixes are here:
>
> https://github.com/krb5/krb5/pull/129
>
> These changes should get pushed to master within a week or so, and
> will eventually make their way into 1.12 and probably 1.11 p
If you decide to go with patching the KDC, the candidate fixes are here:
https://github.com/krb5/krb5/pull/129
These changes should get pushed to master within a week or so, and
will eventually make their way into 1.12 and probably 1.11 patch releases.
___
[Subsequent messages containing key data have not been sent to the mailinglist.]
Hi Greg,
thank you very much. Now, I have a better understanding of the problem.
I started to analyze the key data with an ASN.1 decoder and could identify
the differences in the optional salt sequence. Patching the
On 05/20/2014 09:56 AM, Frank Steinberg wrote:
> Did this krbPrincipalKey type change?
Not intentionally. We did do some work on ASN.1 decoding in 1.11, and
it's possible that the LDAP key sequence decoder unintentionally
became more strict. But looking at the 1.10 and current code, I don't
see
Hi,
I'm using MIT Kerberos with an LDAP backend on Ubuntu Linux systems for some
years now. During an update from 1.10.x to 1.12.x I'm observing some trouble:
1. It seems like the LDAP backend now requires to have the krbRealmContainer
objects under an object of class krbContainer. Formerly it
