permit use of non-des session keys now
authorKen Raeburn <raeburn@mit.edu>
Thu, 27 Jan 2000 22:13:14 +0000 (22:13 +0000)
committerKen Raeburn <raeburn@mit.edu>
Thu, 27 Jan 2000 22:13:14 +0000 (22:13 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11976 dc483132-0cff-0310-8789-dd5450dbe970

src/kdc/ChangeLog
src/kdc/kdc_util.c

index 053fdf3b915c625a1310bdb71720a81a2c628c7c..927b71f8a1ef7cc0806366d2eff60fa3accdccc6 100644 (file)
@@ -1,3 +1,9 @@
+2000-01-27  Ken Raeburn  <raeburn@mit.edu>
+
+       * kdc_util.c (select_session_keytype): Revert 1999-09-01 changes;
+       now always use any requested type indicated as supported by the db
+       entry.
+
 1999-10-29  Ken Raeburn  <raeburn@mit.edu>
 
        * dispatch.c (dispatch): Make message in lookaside case less
index 30f7338c3e3413ffb393bca023faa6f94eec55b5..a988b28cc8385672cb6fd78ad6c5c444e36d7cb5 100644 (file)
@@ -1398,33 +1398,10 @@ select_session_keytype(context, server, nktypes, ktype)
        if (!valid_enctype(ktype[i]))
            continue;
 
-       if (dbentry_supports_enctype(context, server, ktype[i])) {
-           switch (ktype[i]) {
-           case ENCTYPE_NULL:
-           case ENCTYPE_DES_CBC_CRC:
-           case ENCTYPE_DES_CBC_MD4:
-           case ENCTYPE_DES_CBC_MD5:
-           case ENCTYPE_DES_CBC_RAW:
-           case ENCTYPE_DES_HMAC_SHA1:
-               return ktype[i];
-
-           default:
-               /* For now, too much of our code supports only
-                  single-DES.  For example, the GSSAPI Kerberos
-                  mechanism needs to be modified.  If someone tries
-                  using other key types, force single-DES for the
-                  session key.
-
-                  This weird way of setting it here is so that a
-                  requested single-DES enctype listed after DES3 can
-                  be used, and this fallback enctype will be used
-                  only if *no* single-DES enctypes were requested.  */
-               dfl = ENCTYPE_DES_CBC_CRC;
-               break;
-           }
-       }
+       if (dbentry_supports_enctype(context, server, ktype[i]))
+           return ktype[i];
     }
-    return dfl;
+    return 0;
 }
 
 /*