  • kdc: allow checksum of PA-FOR-USER to be HMAC_MD5 · 6095a4f0
    Isaac Boukris authored and Andrew Bartlett committed

    even if the tgt session key uses different hmac.
    
    Per [MS-SFU] 2.2.1 PA-FOR-USER the checksum is
    always HMAC_MD5, and that's what Windows 7 client
    and MIT client send.
    
    In Heimdal both the client and KDC use the checksum of
    the tgt key instead and therefore work with each other
    but Windows and MIT clients fail against Heimdal KDC.
    
    Windows KDC allows either checksum (HMAC_MD5 or from
    tgt) so we should do the same to support all clients.
    
    Signed-off-by: Isaac Boukris <iboukris@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
    Autobuild-Date(master): Thu Jun 11 02:48:58 UTC 2020 on sn-devel-184
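
The acceptance rule described in the commit message above, as an added Python example that is not code from the commit, Heimdal or Samba: HMAC_MD5 is computed as in RFC 4757 over the bytes [MS-SFU] 2.2.1 specifies, using the raw session key even when it is an AES key. The function names, the `native_type`/`native_checksum` parameters (standing in for the TGT key's own checksum) and the sample key and principal are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

CKSUMTYPE_HMAC_MD5 = -138   # KERB_CHECKSUM_HMAC_MD5 (RFC 4757)
KU_PA_FOR_USER = 17         # message type value from [MS-SFU] 2.2.1


def s4u_byte_array(name_type, name_strings, realm, auth_package="Kerberos"):
    """Bytes covered by the PA-FOR-USER checksum per [MS-SFU] 2.2.1."""
    return (struct.pack("<I", name_type)          # 4-byte little-endian name type
            + "".join(name_strings).encode()      # name components, concatenated
            + realm.encode()
            + auth_package.encode())


def hmac_md5_checksum(key, usage, data):
    """RFC 4757 HMAC-MD5 checksum; raw key bytes are used whatever the enctype."""
    ksign = hmac.new(key, b"signaturekey\x00", hashlib.md5).digest()
    tmp = hashlib.md5(struct.pack("<I", usage) + data).digest()
    return hmac.new(ksign, tmp, hashlib.md5).digest()


def verify_pa_for_user(cksumtype, cksum, key, data, native_type, native_checksum):
    """Accept HMAC_MD5 or the TGT key's own checksum type, nothing else.

    native_checksum is a hypothetical callable (key, usage, data) -> bytes
    implementing the keyed checksum that belongs to the session key's enctype.
    """
    if cksumtype == CKSUMTYPE_HMAC_MD5:
        expected = hmac_md5_checksum(key, KU_PA_FOR_USER, data)
    elif cksumtype == native_type:
        expected = native_checksum(key, KU_PA_FOR_USER, data)
    else:
        return False  # any other checksum type is refused outright
    return hmac.compare_digest(expected, cksum)  # constant-time comparison


# Constructed sample: a 32-byte (AES256-sized) session key and a made-up principal.
SAMPLE_KEY = bytes(range(32))
SAMPLE_DATA = s4u_byte_array(1, ["alice"], "EXAMPLE.COM")
```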