Mike Patnode mike.patnode at
Thu Aug 14 13:33:00 EDT 2008

Can someone explain the thinking behind use_conf_ktypes?  I'm trying to
eliminate the repeated parsing of krb5.conf on every ticket request by
configuring my context appropriately, and found the code doesn't want me
to do that.   Here from init_ctx.c: krb5_get_tgs_ktypes()


    if (context->use_conf_ktypes)

        /* This one is set *only* by reading the config file; it's not

           set by the application.  */

        return(get_profile_etype_list(context, ktypes,

                                      0, NULL));


        return(get_profile_etype_list(context, ktypes,




Then in krb5_fwd_tgt_creds():


    /* fetch tgt directly from cache */

    context->use_conf_ktypes = 1;

    retval = krb5_cc_retrieve_cred (context, cc,

                    &creds, &tgt);

    context->use_conf_ktypes = old_use_conf_ktypes;



Why in this case is it necessary to ignore the application's supported
encryption type list?

More information about the krbdev mailing list