Use keytab to select etypes in krb5_get_init_creds_keytab()
Sam Hartman
hartmans at MIT.EDU
Tue Apr 17 17:27:31 EDT 2012
>>>>> "Greg" == Greg Hudson <ghudson at MIT.EDU> writes:
Greg> On 04/17/2012 02:39 PM, Nico Williams wrote:
>> Would that be a problem? I'm inclined to think that it would be.
>> But I'm not sure. After all, it's only a "default". Perhaps the
>> right answer is "that's OK, but don't allow any
>> non-permitted_enctypes",
Greg> [...]
>> Is it time to have an enctype_preference parameter listing
>> enctypes in order of preference?
Greg> I don't see any advantages to these alternatives over using
Greg> default_tkt_enctypes as a preference order (for this
Greg> particular bit of code).
Also, default_tkt_enctypes is only a default in that it can be
overridden by an application's explicity configuration.
I don't think keytab keys should override this.
More information about the krbdev
mailing list