[krbdev.mit.edu #8250] session_enctypes is ignored if it is empty or evaluates to an empty list
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Wed Sep 23 13:05:45 EDT 2015
dbentry_supports_enctype() ignores session_enctypes if it is empty due
to this conditional:
if (retval == 0 && etypes_str != NULL && *etypes_str != '\0')
and also ignores it if it evaluates to an empty list due to this
conditional:
if (retval == 0 && etypes != NULL && etypes[0]) {
The second behavior can be surprising because the enctype list may
contain values which are filtered out due to allow_weak_crypto=false.
Empty values and lists should probably be treated as empty lists, even
if that results in the service principal not working.
More information about the krb5-bugs
mailing list