From: | ghudson@mit.edu |
Subject: | git commit |
Apply permitted_enctypes to KDC request enctypes
permitted_enctypes was initially intended only to restrict the
processing of AP requests (and was later applied to KDB key data
searches so that the KDC wouldn't issue a ticket it would refuse to
accept). Because the documentation was never clear about its scope,
many configurations assume that permitted_enctypes also applies to
clients.
In light of the existing configurations, take the simple way out and
use permitted_enctypes as the default for default_tkt_enctypes and
default_tgs_enctypes. Update the documentation, add a test to
explicitly check the new behavior, and remove now-unnecessary
configuration from the test suite.
[ghudson@mit.edu: unrolled helper function; edited documentation and
commit message; simplified test case]
https://github.com/krb5/krb5/commit/8f13fb2342b2a715cfb694688e3435e7f11691f8
Author: Robbie Harwood <rharwood@redhat.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 8f13fb2342b2a715cfb694688e3435e7f11691f8
Branch: master
doc/admin/conf_files/krb5_conf.rst | 20 ++++--
doc/admin/enctypes.rst | 8 ++-
src/lib/krb5/krb/init_ctx.c | 144 ++++++++++++++++++----------------
src/man/krb5.conf.man | 22 ++++--
src/tests/dejagnu/config/default.exp | 16 ----
src/tests/gssapi/t_enctypes.py | 6 +-
src/tests/t_sesskeynego.py | 8 ++
src/util/k5test.py | 30 ++------
8 files changed, 128 insertions(+), 126 deletions(-)