question about wanted_enctypes in krb5_gss_init_sec_context()

Sam Hartman hartmans at MIT.EDU
Thu Jun 20 14:38:00 EDT 2002


>>>>> "Will" == Will Fiveash <william.fiveash at sun.com> writes:

    Will> I've noticed in the 1.51.2.8.2.4 version of
    Will> init_sec_context.c (MIT 1.2.5) that the function
    Will> krb5_gss_init_sec_context() uses the intersection of
    Will> wanted_enctypes and the default_tgs_enctypes as the list of
    Will> enctypes that a GSS client will request for the session key.
    Will> I'm wondering if the code to find the intersection is really
    Will> necessary.  Can't the default_tgs_enctypes be used for the
    Will> list of requested session key enctypes by GSS clients?  If
    Will> so, then the wanted_enctypes[] array could go away which
    Will> would be a good thing.

In 1.2.5 probably so.  On the mainline, no.  We do not support GSS
with the export grade RC4 as an example.

In general, because of the way RFC 1964 is written, we cannot
guarantee that we have a way to use arbitrary session key types with
GSSAPI.

If that were fixed, that array could go away.
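The intersection discussed in this thread, as an added example that is not part of the original messages and is not code from init_sec_context.c: it keeps only the configured enctypes that the GSS mechanism can use, in configured preference order. The function name, the allowlist contents and the sample configuration are assumptions made for illustration; the enctype numbers are the standard Kerberos assignments.

```c
#include <stddef.h>
#include <stdio.h>

/* Standard Kerberos enctype numbers; names mirror krb5.h. */
enum {
    ENCTYPE_DES_CBC_CRC = 1, ENCTYPE_DES_CBC_MD5 = 3,
    ENCTYPE_DES3_CBC_SHA1 = 16, ENCTYPE_ARCFOUR_HMAC = 23,
    ENCTYPE_ARCFOUR_HMAC_EXP = 24
};

/* Assumed allowlist of enctypes the GSS mechanism has a token format for.
 * Illustrative contents only; export-grade RC4 is deliberately absent. */
static const int gss_allow[] = {
    ENCTYPE_DES3_CBC_SHA1, ENCTYPE_ARCFOUR_HMAC, ENCTYPE_DES_CBC_CRC
};

/* Constructed stand-in for a configured default_tgs_enctypes list. */
static const int sample_cfg[] = {
    ENCTYPE_ARCFOUR_HMAC_EXP, ENCTYPE_ARCFOUR_HMAC, ENCTYPE_DES3_CBC_SHA1,
    ENCTYPE_ARCFOUR_HMAC, ENCTYPE_DES_CBC_MD5
};

static int contains(const int *v, size_t n, int e) {
    for (size_t i = 0; i < n; i++)
        if (v[i] == e) return 1;
    return 0;
}

/* Hypothetical helper: copy into out[] the entries of cfg[] that are also in
 * allow[], preserving cfg order and dropping duplicates. Returns the count,
 * or -1 if out[] is too small. A result of 0 means no usable enctype; the
 * caller should fail rather than fall back to the unfiltered list. */
int filter_enctypes(const int *cfg, size_t ncfg, const int *allow,
                    size_t nallow, int *out, size_t outcap) {
    size_t n = 0;
    for (size_t i = 0; i < ncfg; i++) {
        if (!contains(allow, nallow, cfg[i])) continue; /* no GSS support */
        if (contains(out, n, cfg[i])) continue;         /* already listed */
        if (n == outcap) return -1;
        out[n++] = cfg[i];
    }
    return (int)n;
}

int main(void) {
    int out[8];
    int n = filter_enctypes(sample_cfg, sizeof sample_cfg / sizeof sample_cfg[0],
                            gss_allow, sizeof gss_allow / sizeof gss_allow[0], out, 8);
    if (n <= 0) { fprintf(stderr, "no GSS-usable session key enctype\n"); return 1; }
    for (int i = 0; i < n; i++) printf("request enctype %d\n", out[i]);
    return 0;
}
```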



