krb5_gic_init_creds_keytab and session key enctypes
Stef Walter
stefw at gnome.org
Wed Jul 4 12:02:44 EDT 2012
On 07/02/2012 06:56 PM, Greg Hudson wrote:
>> But let's suppose that that doesn't work universally well. Then
>> simply take the default_tkt_enctypes and re-order it so that all the
>> enctypes for which the service has keys in its keytab come first (but
>> preferably still with the same relative order as in the original
>> default_tkt_enctypes) and the others (if any) come last (also
>> preserving the original relative ordering between them).
>
> This idea is trivial to implement and more elegant than my previously
> chosen KDC hack, so I've reverted the KDC hack and implemented this instead.
Thanks Greg and Nico for fixing the problem.
Just ran into a similar issue with the similar code in sssd. It was seen
when using DES with AD Windows 2008R2 and default_tkt_enctypes set to
des-cbc-crc.
Cheers,
Stef
More information about the krbdev
mailing list