[OpenAFS] Re: Heimdal KDC bug mentioned in rekeying document

Ken Dreyer ktdreyer@ktdreyer.com
Tue, 6 Aug 2013 17:13:17 -0600

On Mon, Jul 29, 2013 at 4:12 PM, Jeffrey Altman
<jaltman@secure-endpoints.com> wrote:
> Secure Endpoints has pushed fixes to https://github.com/heimdal/heimdal
> for both the 'master' (aka pre-1.6) and 'heimdal-1-5-branch' branches.

I have a question about the exact patches that are necessary. There
were several patches that went into heimdal-1-5-branch after 1.5.3
that appear to relate to enctypes. I'm working on packaging Heimdal
1.5.3 for Fedora and EPEL, so will I need all of these?

$ git log 32baf7..d9b369 --format=oneline

d9b3691b0f993a4b80fddc7b2771209e3856c26a tgs_make_reply: fix temp weak
enctype exception
76bee4df58994d45852e2e8d5da7ec09bdc6f5d4 _kdc_find_etype: prefer
default salt for preauth
33a3a172ad3cf53764388efb8767ce5793b49a41 apply weak key exceptions to
20090f7ba301453fc32bceda90125d043ff9210f _kdc_find_etype: do not
return success if ret_key != NULL
a2d0f8e3ee350f7db48d7bcd6eed775ff1ace6e4 _kdc_find_etype consolidation
2a5a96d60ec464e831274fda3e3b6653de96196f When asking for the strongest
key, get it right
e1dd757fe13c818dfb259b540d84345d9e20f98b Check all three DES types
800345591daa0ec0d916fa71032b78f4c4e225c9 Fix bug with use strongest
session key feature
fff00cc34536937974caccbb2278dab1562a5594 match code, pointed out by
Sergio Gelato <Sergio.Gelato@astro.su.se>
ad7bb0311c41449921ab82fdcfb8545e801f6429 Rename and fix
as/tgs-use-strongest-key config parameters
50309911ba90a0c5c3881f518e16a88d59abc879 Fix check-des

- Ken