The following commit has been merged in the openafs-devel-1_7_x branch:
commit 7dea66612a8962ece37bde3c6fb1a857994314ef
Author: Chaskiel Grundman <cg2v@andrew.cmu.edu>
Date: Sun Mar 17 21:58:47 2013 -0400
Derive DES/fcrypt session key from other key types
If a kerberos 5 ticket has a session key with a non-DES enctype,
use the NIST SP800-108 KDF in counter mode with HMAC_MD5 as the PRF to
construct a DES key to be used by rxkad.
To satisfy the requirements of the KDF, DES3 keys are first compressed into a
168 bit form by reversing the RFC3961 random-to-key algorithm
Windows has three additional places to get tokens, who knew?
(cherry-picked from 7e4e06b87a09197816b0e1ae132e38dc30090574)
Change-Id: I4dc8e83a641f9892b31c109fb9025251de3dcb27
src/WINNT/afsd/afskfw.c | 8 ++-
src/WINNT/aklog/aklog.c | 12 ++-
src/WINNT/netidmgr_plugin/afsfuncs.c | 11 ++-
src/aklog/aklog.c | 13 ++-
src/libafsrpc/afsrpc.def | 1 +
src/rxkad/rxkad_prototypes.h | 6 ++
src/rxkad/ticket5.c | 159 ++++++++++++++++++++++++++++++----
7 files changed, 179 insertions(+), 31 deletions(-)
--
OpenAFS Master Repository