Directory Kerberos
DIRKRB-84

EncryptionTypes are not correctly handled in the server


    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:


      Currently, EncryptionTypes are stored in a Set, and we compare the expected ETypes passed by the client with the configured ETypes we support in the server. They are both stored in a Set, which is not ordered.

      The problem is that there is nothing like an EType negotiation between the client and the server, so the encrypted data will be encrypted using the strongest EType found in the list of ETypes, where the leftmost EType is the strongest, and the rightmost is the weakest.

      Using a set is then a guarantee that we will face issues at some point. We must use a List instead.
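
The ordering problem described above, as an added Java example (not ApacheDS code; the class and method names are hypothetical and the client and server etype lists are constructed). It assumes the selection rule is "first etype in the client's list that the server also supports" and compares that with taking the first element of a `HashSet` intersection, whose iteration order is unspecified.

```java
import java.util.*;

// Added illustration; names are hypothetical, not taken from ApacheDS.
public class ETypeOrderDemo {
    // Etype numbers as assigned in RFC 3961, RFC 3962 and RFC 4757.
    static final int DES_CBC_MD5 = 3, DES3_CBC_SHA1_KD = 16,
                     AES128_CTS = 17, AES256_CTS = 18, RC4_HMAC = 23;

    // Order-preserving: walk the client's list left to right (strongest
    // first) and return the first etype the server is configured for.
    static int selectFromList(List<Integer> clientPreference,
                              Collection<Integer> serverConfigured) {
        for (Integer etype : clientPreference) {
            if (serverConfigured.contains(etype)) {
                return etype;
            }
        }
        return -1; // no common etype
    }

    // Order-losing: the same intersection, but held in a HashSet. The
    // "first" element is whatever the hash table iterates first, which
    // has nothing to do with the client's preference order.
    static int selectFromSet(Set<Integer> clientETypes,
                             Set<Integer> serverConfigured) {
        Set<Integer> common = new HashSet<>(clientETypes);
        common.retainAll(serverConfigured);
        Iterator<Integer> it = common.iterator();
        return it.hasNext() ? it.next() : -1;
    }

    public static void main(String[] args) {
        // Constructed sample data: client prefers AES256, server lacks it.
        List<Integer> client = Arrays.asList(
            AES256_CTS, AES128_CTS, DES3_CBC_SHA1_KD, RC4_HMAC, DES_CBC_MD5);
        List<Integer> server = Arrays.asList(
            DES_CBC_MD5, DES3_CBC_SHA1_KD, AES128_CTS);

        int fromList = selectFromList(client, server);
        int fromSet = selectFromSet(new HashSet<>(client), new HashSet<>(server));

        System.out.println("List-based selection: etype " + fromList);
        System.out.println("Set-based selection:  etype " + fromSet);
        if (fromList != fromSet) {
            System.out.println("Set ordering picked a different etype than the client's preference order");
        }
    }
}
```

Keeping the server's configured etypes in a `List` (or a `LinkedHashSet` when fast membership tests are needed) preserves the insertion order that the selection depends on.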


        Emmanuel Lecharny made changes -
        Fix Version/s 2.0.0-M5 [ 12319541 ]
        Pierre-Arnaud Marcelot made changes -
        Assignee Emmanuel Lecharny [ elecharny ]
        Fix Version/s 2.0.0-M5 [ 12319541 ]
        Emmanuel Lecharny made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Emmanuel Lecharny made changes -
        Field Original Value New Value
        Project Directory ApacheDS [ 12310260 ] Directory Kerberos [ 12310910 ]
        Key DIRSERVER-1690 DIRKRB-84
        Emmanuel Lecharny created issue -


          • Assignee:
            Emmanuel Lecharny
          • Votes:
            0

