kinit always specifies all available etypes in AS-REQ?
Greg Hudson
ghudson at MIT.EDU
Mon May 24 14:38:00 EDT 2010

On Mon, 2010-05-24 at 06:22 -0400, Weijun Wang wrote:
> Why can't kinit only specify the etypes in the keytab at the
> beginning? Is this a feature or a bug?

This is a bug, or at least a missing feature. In a traditional Unix
environment, it's not really a problem, since the keytab and KDC
typically have the same set of keys. But with a Windows KDC it can be
an issue.

The logic required for this would be noticeable but not prohibitive, I
think--we'd need to iterate over the keytab and build an array of
enctypes. This is probably best done in krb5_get_init_creds_keytab() if
the caller does not specify an etype list via the gic options.
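
The following is an added illustration, not part of the original message and not MIT krb5 code: it shows the "iterate over the keytab and build an array of enctypes" step offline, by reading a file keytab in format version 0x0502 and collecting the distinct enctype numbers. The function names and the in-memory sample keytab (realm, principal, all-zero keys) are constructed for the example.

```python
import struct

ETYPE_NAMES = {17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
               23: "arcfour-hmac"}

def keytab_enctypes(data):
    """Return the enctype numbers in a 0x0502 keytab, in first-seen order."""
    if data[:2] != b"\x05\x02":
        raise ValueError("only keytab format version 0x0502 is handled")
    pos, seen = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:                 # treated here as end of data
            break
        if size < 0:                  # hole left by a deleted entry: skip it
            pos += -size
            continue
        end = pos + size
        if end > len(data):
            raise ValueError("truncated entry")
        (ncomp,) = struct.unpack_from(">H", data, pos)
        p = pos + 2
        for _ in range(ncomp + 1):    # realm, then each name component
            (n,) = struct.unpack_from(">H", data, p)
            p += 2 + n
        p += 4 + 4 + 1                # name type, timestamp, 8-bit kvno
        if p + 2 > end:
            raise ValueError("entry too short for a keyblock")
        (etype,) = struct.unpack_from(">H", data, p)
        if etype not in seen:
            seen.append(etype)
        pos = end
    return seen

def build_entry(realm, components, enctype, key, kvno=1):
    """Helper that builds one constructed keytab entry for the sample below."""
    body = struct.pack(">H", len(components))
    for s in [realm] + components:
        body += struct.pack(">H", len(s)) + s.encode()
    body += struct.pack(">IIB", 1, 0, kvno) + struct.pack(">HH", enctype, len(key)) + key
    return struct.pack(">i", len(body)) + body

def sample_keytab():
    """Constructed keytab: aes256 key, a 6-byte hole, rc4 key, newer aes256 key."""
    name = ("EXAMPLE.COM", ["host", "a.example.com"])
    return (b"\x05\x02" + build_entry(*name, 18, bytes(32))
            + struct.pack(">i", -6) + bytes(6)
            + build_entry(*name, 23, bytes(16))
            + build_entry(*name, 18, bytes(32), kvno=2))

if __name__ == "__main__":
    for e in keytab_enctypes(sample_keytab()):
        print(e, ETYPE_NAMES.get(e, "unknown"))
```

Comparing this list with the enctypes the KDC holds for the principal shows the mismatch case the message raises for a Windows KDC.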