Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
Subject: gc_frm_kdc doesn't adjust use_conf_ktypes in referrals case
X-RT-Original-Encoding: iso-8859-1
Content-Length: 514

If krb5_get_creds_from_kdc_opt() gets the final service ticket during referrals processing, it 
does so with use_conf_ktypes = 1.  This may be undesirable, as the application may have 
requested to override the config file enctypes.  The problem is that the referrals code should set 
use_conf_ktypes = 1 when getting TGTs.  There may need to be an explicit check to see if the 
returned service ticket contains enctypes not requested by the application, and if so, to repeat 
the request with use_conf_ktypes = 0.