[krbdev.mit.edu #2520] Problem with kadmin in 1.3.1
Sam Hartman via RT
rt-comment at krbdev.mit.edu
Fri Apr 2 17:02:59 EST 2004
>>>>> ""," == ", Machin at MIT EDU, Glenn D " via RT <rt-comment at krbdev.mit.edu> writes:
",> The solution is to have _kadm5_init_any() do what
",> gss_init_sec_context does in that, use the encryption types
",> that are in both the desired list and what is defined by
",> default_tgs_enctypes.
No, it should intersect against default_tkt_enctypes since it is an
initial request.
Your default_tkt_enctypes is not a subset of default_tgs_enctypes, so things fail.
I do believe that the current code does intersect against
default_tkt_enctypes.
You can argue that having both default_tgs_enctypes and
default_tkt_enctypes is confusing and useless. We'd probably agree.
But it's currently the documented behavior.
More information about the krb5-bugs
mailing list