[Freeipa-devel] [PATCH] #2038 modify salt creation
Simo Sorce
simo at redhat.com
Fri Nov 4 19:59:06 UTC 2011
On Fri, 2011-11-04 at 15:15 -0400, Nalin Dahyabhai wrote:
> On Thu, Nov 03, 2011 at 06:26:15PM -0400, Simo Sorce wrote:
> > As stated in the bug in order to attain better interoperability with
> > Windows clients we need to change the way we generate the random salt.
>
> Nack. The data in a krb5_data is of type 'char', and if it's signed,
> the math used here doesn't produce a printable result. Might also want
> to increase KRB5P_SALT_SIZE.
Ah crap, right.
I initially used a safe construct: data[i] &= 0x5F
Then realized that one of the possible values (5F + 20 = 7F) is
unprintable, so I switched to this unsafe one.
Will get a revised patch for ipa-2-1 and an amendment for master.
Thanks a lot for spotting this one!
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list