krb5 commit: Allow only one salt type per enctype in key data

[ghudson at mit.edu]

https://github.com/krb5/krb5/commit/367ccd2fcf8b4adb82bfc7ef9b5f04ff94f80326
commit 367ccd2fcf8b4adb82bfc7ef9b5f04ff94f80326
Author: Greg Hudson <ghudson at mit.edu>
Date:   Wed Jan 29 00:22:57 2025 -0500

    Allow only one salt type per enctype in key data
    
    In the default libkdb5 password change method, omit requested key/salt
    combinations that duplicate an earlier encryption type, even if they
    have a different salt type.  Any use cases for multiple salts for the
    same enctype disappeared with single-DES support.  (We already have
    this behavior for chrand requests.)
    
    ticket: 9160 (new)

 src/lib/kdb/kdb_cpw.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/lib/kdb/kdb_cpw.c b/src/lib/kdb/kdb_cpw.c
index c33c7cf8d..8b012e19e 100644
--- a/src/lib/kdb/kdb_cpw.c
+++ b/src/lib/kdb/kdb_cpw.c
@@ -264,8 +264,7 @@ add_key_pwd(krb5_context context, krb5_keyblock *master_key,
                                                  &similar)))
                 return(retval);
 
-            if (similar &&
-                (ks_tuple[j].ks_salttype == ks_tuple[i].ks_salttype))
+            if (similar)
                 break;
         }