Directory Kerberos
  1. Directory Kerberos
  2. DIRKRB-84

EncryptionTypes are not correctly handled in the server

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Blocker Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.0.0-M5
    • Component/s: None
    • Labels:
      None

      Description

      Currently, EncryptionType are stored in a Set, and we compare the expected ETypes passed by the client with the configured ETypes we support in the server. They are both stored in a Set, which is not ordered.

      The problem is that there is nothing like a EType negotiation between the client and the server, so the encrypted data will be encrypted using the strongest Etype found in the list of Etypes, where the leftmost EType is the strongest, and the rightmost is the weaker.

      Using a set is then a guarantee that we will face issues at some point. We must use a List instead.

        Activity

        Show
        Emmanuel Lecharny added a comment - Fixed with http://svn.apache.org/viewvc?rev=1236474&view=rev

          People

          • Assignee:
            Emmanuel Lecharny
            Reporter:
            Emmanuel Lecharny
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development