Enable aes128-cts for client

Currently we support aes128-cts but do not enable it by default.  It
looks like interoperability problems will be created by this decision.
So add aes128-cts to the default list of enctypes for client
configuration and for permitted_enctypes.

Ticket: new
Target_Version: 1.3.2
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16026 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index f7b8d2259a32840f0dec8f13c49e89d8b027acec..28bfafd390c54483f56912baf7018d5a3d8a4f3d 100644 (file)
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,7 @@
+2004-02-06  Sam Hartman  <hartmans@avalanche-breakdown.mit.edu>
+
+       * init_ctx.c (DEFAULT_ETYPE_LIST): Include aes128-cts
+
 2003-12-19  Ken Raeburn  <raeburn@mit.edu>
 
        * get_in_tkt.c (get_in_tkt_enctypes): Now const.

diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
index 7ff983cf7a021e6a83bbc589cdbd6850738b187f..2740d83618b5ce7cff0eaa8a39ac214ac639c85e 100644 (file)
--- a/src/lib/krb5/krb/init_ctx.c
+++ b/src/lib/krb5/krb/init_ctx.c
@@ -66,6 +66,7 @@
    des-crc for now.  */
 #define DEFAULT_ETYPE_LIST     \
        "aes256-cts-hmac-sha1-96 " \
+       "aes128-cts-hmac-sha1-96 " \
        "des3-cbc-sha1 arcfour-hmac-md5 " \
        "des-cbc-crc des-cbc-md5 des-cbc-md4 "