In v8, GetEncryptionKey does not return latest key, when kvno = 0

[mrjackbo]

The comment here

gokrb5/v8/keytab/keytab.go

Line 71 in 9822c92

// If the kvno is zero then the latest kvno will be returned. The kvno is also returned for

states that the latest key will be returned if knvo is zero. This appears to be false: if knvo=0 then the function returns the key contained in the first entry of kt with matching principal and enctype, because of the assignment here:

gokrb5/v8/keytab/keytab.go

Line 89 in 9822c92

kvno = int(k.KVNO)

As a consequence, the same function returns different keys in v7 and v8.
A solution would be to use a separate variable for the knvo of the returned key.

I noticed this since migration to v8 broke the clients in a library of mine. Connection with v7 is possible without problems, v8 fails.

[jcmturner]

@mrjackbo thanks for spotting this and letting me know. A fix will be integrated shortly...