Use keytab to select etypes in krb5_get_init_creds_keytab()

Sam Hartman hartmans at MIT.EDU
Tue Apr 17 17:27:31 EDT 2012

>>>>> "Greg" == Greg Hudson <ghudson at MIT.EDU> writes:

    Greg> On 04/17/2012 02:39 PM, Nico Williams wrote:
    >> Would that be a problem?  I'm inclined to think that it would be.
    >> But I'm not sure.  After all, it's only a "default".  Perhaps the
    >> right answer is "that's OK, but don't allow any
    >> non-permitted_enctypes",
    Greg> [...]
    >> Is it time to have an enctype_preference parameter listing
    >> enctypes in order of preference?

    Greg> I don't see any advantages to these alternatives over using
    Greg> default_tkt_enctypes as a preference order (for this
    Greg> particular bit of code).

Also, default_tkt_enctypes is only a default in that it can be
overridden by an application's explicity configuration.
I don't think keytab keys should override this.

More information about the krbdev mailing list