Subject: session_enctypes does nothing useful with DEFAULT

The session_enctypes string attribute, added in 1.11, uses the same
syntax for enctype lists as the three profile variables
(permitted_enctypes, default_tkt_enctypes, default_tgs_enctypes). But
unlike those variables, it evaluates DEFAULT to an empty list.
There are two reasonable options for fixing this: evaluate DEFAULT to
the same hardcoded default list as is used for the three profile
variables, or evaluate it to the value of permitted_enctypes (which the
KDC already uses to filter key data in DB entries).
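
The behaviour described in this ticket, as an added example that is not krb5's own code: a simplified model of the enctype-list syntax in which the expansion of DEFAULT is a parameter, so the empty expansion can be compared with either proposed fix. The function names, the string representation of enctypes and the sample lists are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_ET 16
#define NAME_LEN 40

/* Apply one token: "-name" removes, "name" or "+name" appends if absent. */
static int et_apply(char list[][NAME_LEN], int n, const char *tok)
{
    const char *name = (*tok == '-' || *tok == '+') ? tok + 1 : tok;
    int i = 0;
    while (i < n && strcmp(list[i], name) != 0)
        i++;                                  /* i == n means absent */
    if (*tok == '-' && i < n) {
        memmove(list[i], list[i + 1], (size_t)(n - i - 1) * NAME_LEN);
        return n - 1;
    }
    if (*tok != '-' && i == n && n < MAX_ET)
        snprintf(list[n++], NAME_LEN, "%s", name);
    return n;
}

/* Simplified model of the list syntax; DEFAULT expands to dflt (NULL-terminated). */
int parse_enctype_list(const char *spec, const char *const *dflt, char out[][NAME_LEN])
{
    int n = 0;
    for (const char *p = spec; *(p += strspn(p, ", \t")) != '\0';) {
        char t[NAME_LEN];
        size_t len = strcspn(p, ", \t");
        snprintf(t, sizeof(t), "%.*s", (int)len, p);
        p += len;
        if (strcmp(t, "DEFAULT") == 0)
            for (int i = 0; dflt[i] != NULL; i++)
                n = et_apply(out, n, dflt[i]);
        else
            n = et_apply(out, n, t);
    }
    return n;
}

int main(void)
{
    /* Constructed lists for illustration, not krb5's actual defaults. */
    const char *const empty[] = { NULL };
    const char *const hard[] = { "aes256-cts-hmac-sha1-96", "aes128-cts-hmac-sha1-96", "des3-cbc-sha1", NULL };
    char out[MAX_ET][NAME_LEN];
    printf("DEFAULT as empty list: %d\n", parse_enctype_list("DEFAULT -des3-cbc-sha1", empty, out));
    printf("DEFAULT as real list:  %d\n", parse_enctype_list("DEFAULT -des3-cbc-sha1", hard, out));
    return 0;
}
```

Passing the permitted_enctypes value as `dflt` instead of a hardcoded list models the second option in the ticket.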