s4-heimdal: Allow any kvno to match when searching the keytab.

Windows does not use a KVNO when it checks it's passwords, and MIT
doesn't check the KVNO when no acceptor identity is specified (looping
over all keys in the keytab).

Andrew Bartlett

diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c
index 8ce6570de281291c2d355e1ef309b5c37c6688b5..25aa8674c72bf149a88c12d783bd28b61b9edf90 100644 (file)
--- a/source4/heimdal/lib/krb5/rd_req.c
+++ b/source4/heimdal/lib/krb5/rd_req.c
@@ -983,8 +983,7 @@ krb5_rd_req_ctx(krb5_context context,
                goto out;
            }
 
-           if (entry.keyblock.keytype != ap_req.ticket.enc_part.etype ||
-               (kvno && kvno != entry.vno)) {
+           if (entry.keyblock.keytype != ap_req.ticket.enc_part.etype) {
                krb5_kt_free_entry (context, &entry);
                continue;
            }