krb5_wrap: fix keep_old_entries logic for older kerberos libraries

Enterprise / Samba - Christof Schmitt [samba.org] - 22 June 2018 22:57 EDT

MIT kerberos 1.13 and older only stores 8 bits of the KVNO. The change from commit 35b2fb4ff32 resulted in breakage for these kerberos
versions: 'net ads keytab create' reads a large KVNO from AD, and only the lower 8 bits are stored. The next check then removed the entry again as the 8 bit value did not match the currently valid KVNO.

Fix this by limiting the check to only 8 bits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13478

97eaeea6a13 krb5_wrap: fix keep_old_entries logic for older kerberos libraries
lib/krb5_wrap/krb5_samba.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Upstream: gitweb.samba.org


  • Share