[krbdev.mit.edu #8249] session_enctypes does nothing useful with DEFAULT
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Wed Sep 23 13:02:33 EDT 2015

The session_enctypes string attribute, added in 1.11, uses the same
syntax for enctype lists as the three profile variables
(permitted_enctypes, default_tkt_enctypes, default_tgs_enctypes). But
unlike those variables, it evaluates DEFAULT to an empty list.

There are two reasonable options for fixing this: evaluate DEFAULT to
the same hardcoded default list as is used for the three profile
variables, or evaluate it to the value of permitted_enctypes (which the
KDC already uses to filter key data in DB entries).
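
A simplified model of the enctype-list expansion described in this ticket, added here as an example and not taken from the krb5 source: `parse_enctype_list`, the `etype_list` type and the sample lists are hypothetical. It evaluates the same attribute value with an empty default (the behaviour reported above) and with each of the two proposed defaults.

```c
#include <stdio.h>
#include <string.h>
#define MAXN 16
#define NAMELEN 32
typedef struct { char name[MAXN][NAMELEN]; int n; } etype_list;
static void add(etype_list *l, const char *s)
{
    for (int i = 0; i < l->n; i++)
        if (strcmp(l->name[i], s) == 0) return;      /* skip duplicates */
    if (l->n < MAXN && strlen(s) < NAMELEN) strcpy(l->name[l->n++], s);
}
static void del(etype_list *l, const char *s)
{
    for (int i = 0; i < l->n; i++)
        if (strcmp(l->name[i], s) == 0) {
            for (int j = i; j + 1 < l->n; j++) strcpy(l->name[j], l->name[j + 1]);
            l->n--;
            return;
        }
}

/* Expand spec into out and return the entry count (-1 if spec is too long).
 * "DEFAULT" is replaced by dflt; "-name" removes; "name"/"+name" appends.
 * Simplified: names are not validated and family names are not expanded. */
static int parse_enctype_list(const char *spec, const etype_list *dflt, etype_list *out)
{
    char buf[256];
    out->n = 0;
    if (strlen(spec) >= sizeof(buf)) return -1;
    strcpy(buf, spec);
    for (char *t = strtok(buf, ", \t"); t; t = strtok(NULL, ", \t")) {
        if (strcmp(t, "DEFAULT") == 0)
            for (int i = 0; i < dflt->n; i++) add(out, dflt->name[i]);
        else if (t[0] == '-') del(out, t + 1);
        else add(out, t[0] == '+' ? t + 1 : t);
    }
    return out->n;
}

int main(void)
{
    etype_list none = { .n = 0 }, hard, permitted, out;  /* constructed samples below */
    parse_enctype_list("aes256-cts aes128-cts des3-cbc-sha1 arcfour-hmac", &none, &hard);
    parse_enctype_list("aes256-cts aes128-cts", &none, &permitted);
    const char *attr = "DEFAULT -arcfour-hmac";   /* session_enctypes value */
    printf("empty=%d hardcoded=%d permitted=%d\n", parse_enctype_list(attr, &none, &out),
           parse_enctype_list(attr, &hard, &out), parse_enctype_list(attr, &permitted, &out));
    return 0;
}
```

With an empty default, the `-arcfour-hmac` exclusion has nothing to act on, so the attribute yields no enctypes at all rather than a filtered default.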