Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Subject: session_enctypes does nothing useful with DEFAULT
X-RT-Original-Encoding: iso-8859-1
Content-Length: 524

The session_enctypes string attribute, added in 1.11, uses the same 
syntax for enctype lists as the three profile variables 
(permitted_enctypes, default_tkt_enctypes, default_tgs_enctypes).  But 
unlike those variables, it evaluates DEFAULT to an empty list.

There are two reasonable options for fixing this: evaluate DEFAULT to 
the same hardcoded default list as is used for the three profile 
variables, or evaluate it to the value of permitted_enctypes (which the 
KDC already uses to filter key data in DB entries).