From 696a8ed7988d47b5d66b627e09f22e647b8f9508 Mon Sep 17 00:00:00 2001
From: Ken Raeburn <raeburn@mit.edu>
Date: Tue, 13 May 2003 21:01:09 +0000
Subject: [PATCH] AES shouldn't be in KDC default enctype list

Until all services including GSS-based ones can support AES, we don't
want it in the default supported enctypes list on the KDC.

ticket: new
tags: pullup
target_version: 1.3

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15428 dc483132-0cff-0310-8789-dd5450dbe970
---
 doc/ChangeLog            | 4 ++++
 doc/definitions.texinfo  | 2 +-
 src/lib/kadm5/ChangeLog  | 5 +++++
 src/lib/kadm5/alt_prof.c | 2 +-
 4 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/doc/ChangeLog b/doc/ChangeLog
index b84a21099..786fb2ca2 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,7 @@
+2003-05-13  Ken Raeburn  <raeburn@mit.edu>
+
+	* definitions.texinfo: Updated DefaultSupportedEnctypes.
+
 2003-05-12  Sam Hartman  <hartmans@mit.edu>
 
 	* definitions.texinfo: Default v4 mode is now none
diff --git a/doc/definitions.texinfo b/doc/definitions.texinfo
index 561175c81..8cfb8571b 100644
--- a/doc/definitions.texinfo
+++ b/doc/definitions.texinfo
@@ -108,7 +108,7 @@ krb5/src/lib/kadm5/alt_prof.c
 @comment line 622
 @set DefaultDefaultPrincipalExpiration 0 
 @comment line 639
-@set DefaultSupportedEnctypes aes256-cts-hmac-sha1:normal des3-hmac-sha1:normal des-cbc-crc:normal
+@set DefaultSupportedEnctypes des3-hmac-sha1:normal des-cbc-crc:normal
 @comment line 705
 
 @ignore
diff --git a/src/lib/kadm5/ChangeLog b/src/lib/kadm5/ChangeLog
index 42e0b8edb..ae0f4405a 100644
--- a/src/lib/kadm5/ChangeLog
+++ b/src/lib/kadm5/ChangeLog
@@ -1,3 +1,8 @@
+2003-05-13  Ken Raeburn  <raeburn@mit.edu>
+
+	* alt_prof.c (kadm5_get_config_params): Remove aes256 from the
+	default supported enctypes list for now.
+
 2003-05-04  Sam Hartman  <hartmans@mit.edu>
 
 	* chpass_util_strings.et: Replace reference to ovpasswd with kpasswd
diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c
index e7fe3ef84..4c14c4c04 100644
--- a/src/lib/kadm5/alt_prof.c
+++ b/src/lib/kadm5/alt_prof.c
@@ -702,7 +702,7 @@ krb5_error_code kadm5_get_config_params(context, kdcprofile, kdcenv,
 	 if (aprofile)
 	      krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue);
 	 if (svalue == NULL)
-	     svalue = strdup("aes256-cts-hmac-sha1-96:normal des3-hmac-sha1:normal des-cbc-crc:normal");
+	     svalue = strdup("des3-hmac-sha1:normal des-cbc-crc:normal");
 
 	 params.keysalts = NULL;
 	 params.num_keysalts = 0;
-- 
2.26.2