Make gss_krb5_set_allowable_enctypes work for the acceptor
authorGreg Hudson <ghudson@mit.edu>
Tue, 25 Jan 2011 00:23:48 +0000 (00:23 +0000)
committerGreg Hudson <ghudson@mit.edu>
Tue, 25 Jan 2011 00:23:48 +0000 (00:23 +0000)
commitaf11454d3adf02a0e6fe3156e37b7b06fd5a9d3b
tree6c00d5860e8ba16deaa623949e5a40332f57c196
parenta6eafba6148b91fda7c2b1544e968ae325ffc868
Make gss_krb5_set_allowable_enctypes work for the acceptor

With the addition of enctype negotiation in 1.7, a gss-krb5 acceptor
can choose an enctype for the acceptor subkey other than the one in
the keytab.  If the resulting security context will be exported and
re-imported by another gss-krb5 implementation (such as one in the
kernel), the acceptor needs a way to restrict the set of negotiated
enctypes to those supported by the other implementation.  We had that
functionality for the initiator already in the form of
gss_krb5_set_allowable_enctypes; this change makes it work for the
acceptor as well.

ticket: 6852
target_version: 1.9.1
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24603 dc483132-0cff-0310-8789-dd5450dbe970
src/lib/gssapi/krb5/accept_sec_context.c