[krbdev.mit.edu #5550] krb5_set_default_tgs_enctypes does not work in Kerberos 1.6
Sam Hartman via RT
rt-comment at krbdev.mit.edu
Tue May 1 12:17:22 EDT 2007
>>>>> "Tom" == Tom Yu via RT <rt-comment at krbdev.mit.edu> writes:
>>>>> "Sam" == Sam Hartman via RT <rt-comment at krbdev.mit.edu> writes:
Sam> You need to somehow order the enctypes though so that
Sam> enctypes that end up in the restricted application set come
Sam> first (and in their order) when using conf_ktypes.
Sam> If you do that, this sounds reasonable.
Tom> Are you suggesting this as an alternative to repeating the
Tom> request for the final ticket using conf_ktypes=0?
No, in addition to. If the final result is one of the applications
enctypes you need to make sure that the right enctype was chosen.
That depends on ordering.
More information about the krb5-bugs
mailing list