Use keytab to select etypes in krb5_get_init_creds_keytab()
Greg Hudson
ghudson at MIT.EDU
Thu Apr 19 14:04:12 EDT 2012
On 04/17/2012 12:53 PM, Stef Walter wrote:
> Here we go. I think the attached patch implements what you outlined.
This is committed (with changes). The fix is associated with an
existing RT issue for the problem (#2131).
While working on this I noticed a DES interop issue uncovered by our
test suite. If you have a keytab containing only a des-cbc-md5 key, you
really want to include des-cbc-crc in your request etypes, because MIT
KDCs unconditionally reject des-cbc-md5 (due to an age-old interop issue
involving salts).
More information about the krbdev
mailing list