From 7dbcfcdd79351894e509aebb495e2af4e0b001b1 Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Thu, 27 Jan 2000 22:13:14 +0000 Subject: [PATCH] permit use of non-des session keys now git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11976 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kdc/ChangeLog | 6 ++++++ src/kdc/kdc_util.c | 29 +++-------------------------- 2 files changed, 9 insertions(+), 26 deletions(-) diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index 053fdf3b9..927b71f8a 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,9 @@ +2000-01-27 Ken Raeburn + + * kdc_util.c (select_session_keytype): Revert 1999-09-01 changes; + now always use any requested type indicated as supported by the db + entry. + 1999-10-29 Ken Raeburn * dispatch.c (dispatch): Make message in lookaside case less diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index 30f7338c3..a988b28cc 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -1398,33 +1398,10 @@ select_session_keytype(context, server, nktypes, ktype) if (!valid_enctype(ktype[i])) continue; - if (dbentry_supports_enctype(context, server, ktype[i])) { - switch (ktype[i]) { - case ENCTYPE_NULL: - case ENCTYPE_DES_CBC_CRC: - case ENCTYPE_DES_CBC_MD4: - case ENCTYPE_DES_CBC_MD5: - case ENCTYPE_DES_CBC_RAW: - case ENCTYPE_DES_HMAC_SHA1: - return ktype[i]; - - default: - /* For now, too much of our code supports only - single-DES. For example, the GSSAPI Kerberos - mechanism needs to be modified. If someone tries - using other key types, force single-DES for the - session key. - - This weird way of setting it here is so that a - requested single-DES enctype listed after DES3 can - be used, and this fallback enctype will be used - only if *no* single-DES enctypes were requested. */ - dfl = ENCTYPE_DES_CBC_CRC; - break; - } - } + if (dbentry_supports_enctype(context, server, ktype[i])) + return ktype[i]; } - return dfl; + return 0; } /* -- 2.26.2