summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/heimdal/lib/krb5/get_cred.c16
1 files changed, 14 insertions, 2 deletions
diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c
index 9e06770e64..901182192d 100644
--- a/source4/heimdal/lib/krb5/get_cred.c
+++ b/source4/heimdal/lib/krb5/get_cred.c
@@ -323,10 +323,11 @@ static krb5_error_code KRB5_CALLCONV
decrypt_tkt_with_subkey (krb5_context context,
krb5_keyblock *key,
krb5_key_usage usage,
- krb5_const_pointer subkey,
+ krb5_const_pointer skey,
krb5_kdc_rep *dec_rep)
{
- krb5_error_code ret;
+ const krb5_keyblock *subkey = skey;
+ krb5_error_code ret = 0;
krb5_data data;
size_t size;
krb5_crypto crypto;
@@ -345,6 +346,17 @@ decrypt_tkt_with_subkey (krb5_context context,
KRB5_KU_TGS_REP_ENC_PART_SUB_KEY,
&dec_rep->kdc_rep.enc_part,
&data);
+ /*
+ * If the is Windows 2000 DC, we need to retry with key usage
+ * 8 when doing ARCFOUR.
+ */
+ if (ret && subkey->keytype == ETYPE_ARCFOUR_HMAC_MD5) {
+ ret = krb5_decrypt_EncryptedData(context,
+ crypto,
+ 8,
+ &dec_rep->kdc_rep.enc_part,
+ &data);
+ }
krb5_crypto_destroy(context, crypto);
}
if (subkey == NULL || ret) {