Subject: supported_enctypes parsing does not handle DEFAULT
The parsing used by kadm5_get_config_params (i.e., krb5_string_to_keysalts) does not handle
DEFAULT (as krb5int_parse_enctype_list, used to parse the other enctype profile variables, does),
though our documentation claims that supported_enctypes will honor DEFAULT.

Additionally, kadm5_get_config_params ignores the return value of krb5_string_to_keysalts, so
errors in the supported_enctype list only result in kadmind failing to start up if the first entry is
invalid.

Reported by CSights <cwseys@physics.wisc.edu> in Debian bug 730583.
Looks like #884 is related, but we'll probably also have to redesign some of the interfaces so
that keysalt pairs are a libkrb5 or libk5crypto thing rather than a libkdb thing.
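
The failure mode in this ticket, as an added example that is not code from krb5 or from the ticket: a list parser that stops at the first bad token, called once with its return value dropped and once with it checked. `parse_keysalts`, `startup_unchecked`, `startup_checked`, the enctype table and the partial-result behaviour are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed enctype table; "DEFAULT" is deliberately not understood. */
static const char *const known[] = { "aes256-cts", "aes128-cts", NULL };

static int known_enctype(const char *tok, size_t len)
{
    for (int i = 0; known[i] != NULL; i++)
        if (strlen(known[i]) == len && memcmp(known[i], tok, len) == 0)
            return 1;
    return 0;
}

/* Hypothetical parser: "enctype[:salt]" tokens split on space or comma.
 * Assumed behaviour: stop at the first bad token, return -1, keep *n so far. */
static int parse_keysalts(const char *s, int *n)
{
    for (*n = 0; *s != '\0'; s += strspn(s, " ,")) {
        size_t tok = strcspn(s, " ,"), enc = strcspn(s, ":, ");
        if (tok > 0 && !known_enctype(s, enc))
            return -1;
        *n += (tok > 0);
        s += tok;
    }
    return 0;
}

/* Pattern from the report: result dropped, only an empty list stops startup. */
static int startup_unchecked(const char *cfg)
{
    int n;
    (void)parse_keysalts(cfg, &n);
    return n > 0 ? n : -1;
}

/* Checked form: any parse error stops startup. */
static int startup_checked(const char *cfg)
{
    int n;
    return (parse_keysalts(cfg, &n) != 0 || n == 0) ? -1 : n;
}

int main(void)
{
    const char *cfg = "aes256-cts:normal DEFAULT";   /* constructed sample */
    printf("unchecked: %d keysalts accepted\n", startup_unchecked(cfg));
    printf("checked:   %d (startup refused)\n", startup_checked(cfg));
    return 0;
}
```

With the unchecked caller, a bad entry after the first leaves the service running on a silently truncated list, so an administrator cannot tell from startup alone which enctypes are in effect.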