From d1cbb9f5ceb40d0634891086ef1939b3b76daa4f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 16 Apr 2011 15:44:23 +1000 Subject: s4-heimdal: Allow any kvno to match when searching the keytab. Windows does not use a KVNO when it checks it's passwords, and MIT doesn't check the KVNO when no acceptor identity is specified (looping over all keys in the keytab). Andrew Bartlett --- source4/heimdal/lib/krb5/rd_req.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c index 8ce6570de2..25aa8674c7 100644 --- a/source4/heimdal/lib/krb5/rd_req.c +++ b/source4/heimdal/lib/krb5/rd_req.c @@ -983,8 +983,7 @@ krb5_rd_req_ctx(krb5_context context, goto out; } - if (entry.keyblock.keytype != ap_req.ticket.enc_part.etype || - (kvno && kvno != entry.vno)) { + if (entry.keyblock.keytype != ap_req.ticket.enc_part.etype) { krb5_kt_free_entry (context, &entry); continue; } -- cgit