random to key from password

[Nicolas Williams]

On Mon, Sep 27, 2010 at 04:22:20PM -0500, Nicolas Williams wrote:
> On Mon, Sep 27, 2010 at 05:11:38PM -0400, Sam Hartman wrote:
> > Claim to be a client that only supports DES.  This is a random
> > key--allowing use as a client is supposed to be reasonable even without
> > preauth.
> 
> Ah, right.  We really need to have a way to say which enctypes a service
> princ is allowed to use as a client...

And lacking that, make service princs require pre-auth.