Received: from carter-zimmerman.suchdamage.org ([209.78.251.2]) by krbdev.mit.edu (8.12.9) with ESMTP id l41GHHL8028769; Tue, 1 May 2007 12:17:17 -0400 (EDT) Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id BD14C49B6; Tue, 1 May 2007 12:16:36 -0400 (EDT) From: Sam Hartman To: rt@krbdev.mit.edu Subject: Re: [krbdev.mit.edu #5550] krb5_set_default_tgs_enctypes does not work in Kerberos 1.6 References: Date: Tue, 01 May 2007 12:16:36 -0400 In-Reply-To: (Tom Yu via's message of "Mon, 30 Apr 2007 12:29:33 -0400 (EDT)") Message-ID: User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii RT-Send-Cc: X-RT-Original-Encoding: us-ascii Content-Length: 669 >>>>> "Tom" == Tom Yu via RT writes: >>>>> "Sam" == Sam Hartman via RT writes: Sam> You need to somehow order the enctypes though so that Sam> enctypes that end up in the restricted application set come Sam> first (and in their order) when using conf_ktypes. Sam> If you do that, this sounds reasonable. Tom> Are you suggesting this as an alternative to repeating the Tom> request for the final ticket using conf_ktypes=0? No, in addition to. If the final result is one of the applications enctypes you need to make sure that the right enctype was chosen. That depends on ordering.