From willf@alton.central.sun.com Thu Jun 20 20:33:04 2002
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76]) by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id UAA29155 for ; Thu, 20 Jun 2002 20:33:04 -0400 (EDT)
Received: from kathmandu.sun.com (kathmandu.sun.com [192.18.98.36]) by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id UAA23861 for ; Thu, 20 Jun 2002 20:33:03 -0400 (EDT)
Received: from engmail2.Eng.Sun.COM ([129.146.1.25]) by kathmandu.sun.com (8.9.3+Sun/8.9.3) with ESMTP id SAA26122 for ; Thu, 20 Jun 2002 18:33:03 -0600 (MDT)
Received: from alton.central.sun.com (alton.Central.Sun.COM [129.153.128.101]) by engmail2.Eng.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v2.1p1) with ESMTP id RAA00666 for ; Thu, 20 Jun 2002 17:33:02 -0700 (PDT)
Received: (from willf@localhost) by alton.central.sun.com (8.10.2+Sun/8.10.2) id g5L0X0U10735; Thu, 20 Jun 2002 19:33:00 -0500 (CDT)
Message-Id: <200206210033.g5L0X0U10735@alton.central.sun.com>
Date: Thu, 20 Jun 2002 19:33:00 -0500 (CDT)
From: William Fiveash Reply-To: willf@alton.central.sun.com To: krb5-bugs@mit.edu Subject: kdc does not support des3-hmac-sha1 by default X-Send-Pr-Version: 3.99 >Number: 1121 >Category: krb5-kdc >Synopsis: kdc does not support des3-hmac-sha1 by default >Confidential: no >Severity: non-critical >Priority: medium >Responsible: krb5-unassigned >State: open >Class: sw-bug >Submitter-Id: unknown >Arrival-Date: Thu Jun 20 20:34:00 EDT 2002 >Last-Modified: >Originator: William Fiveash >Organization: Sun Microsystems Inc. >Release: krb5-1.2.5 >Environment: System: SunOS alton 5.8 Generic_108528-09 sun4u sparc SUNW,Ultra-5_10 Architecture: sun4 >Description: When setting "master_key_type = des3-hmac-sha1" in kdc.conf and creating the principal db, krb5kdc will fail to start unless "supported_enctypes = des3-hmac-sha1" is also set. krb5kdc should support des3-hmac-sha1 by default. >How-To-Repeat: >Fix: --- src/lib/kadm5/alt_prof.c.orig Thu Jun 20 19:07:24 2002 +++ src/lib/kadm5/alt_prof.c Thu Jun 20 19:17:56 2002 @@ -943,6 +943,11 @@ hierarchy[2] = "supported_enctypes"; kret = krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue); } + /* Why not support the same defaults found in kadm5_get_config_params()? + */ + if (svalue == NULL) { + svalue = strdup("des3-hmac-sha1:normal des-cbc-crc:normal"); + } if (!kret) { krb5_string_to_keysalts(svalue, ", \t", /* Tuple separators */ @@ -951,6 +956,7 @@ &rparams->realm_keysalts, &rparams->realm_num_keysalts); krb5_xfree(svalue); + svalue = NULL; } kret = 0; } >Audit-Trail: >Unformatted:
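Review bot: In the first hunk (@@ -943,6 +943,11 @@), the default assigned under `if (svalue == NULL)` is still consumed only inside the existing `if (!kret)` block, and `kret` at that point is whatever `krb5_aprof_get_string()` returned. If that lookup returns nonzero when "supported_enctypes" is absent, the `strdup()` result is never passed to `krb5_string_to_keysalts()` and never reaches `krb5_xfree(svalue)`, so the default has no effect and the buffer leaks. Suggest clearing `kret` when the fallback is taken, or testing `svalue` rather than `kret` before the parse. The `strdup()` return value is also unchecked, and the test depends on `svalue` being NULL on entry, which these lines do not show. Since the comment says the string mirrors the defaults in `kadm5_get_config_params()`, a shared constant would keep the two from drifting apart, and the comment would read better as a statement of that intent than as a question.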
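Review bot: In the second hunk (@@ -951,6 +956,7 @@), `svalue = NULL;` sits inside the `if (!kret)` block next to `krb5_xfree(svalue)`, so both the free and the reset are skipped whenever `kret` is nonzero. With the fallback from the first hunk that leaves an allocated `svalue` neither released nor cleared on that path; moving the free and reset after the closing brace, guarded by `if (svalue != NULL)`, would cover both branches. Separately, the result of `krb5_string_to_keysalts()` is discarded and `kret = 0;` follows unconditionally, so a default string that fails to parse would leave `rparams->realm_keysalts` unset with no error reported; worth capturing that return value now that a compiled-in default goes through this call.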