[428] in Kerberos-V5-bugs
krb5_mk_rep doesn't allow caller to select encryption type
daemon@ATHENA.MIT.EDU (Jonathan I. Kamens)
Thu Mar 3 13:34:59 1994
Date: Thu, 3 Mar 1994 13:34:57 -0500
From: "Jonathan I. Kamens" <jik@security.ov.com>
To: krb5-bugs@MIT.EDU
>Description:
The krb5_mk_rep function does not take as one of its arguments
the type of encryption to use. Instead, it apparently uses whatever
the "default" encryption type is for the keytype passed into it.
This seems inconsistent with other functions, e.g.,
krb5_get_in_tkt, which allow the caller to specify the encryption
type. Furthermore, it hides some functionality from the caller. This
will become more of a problem when there actually are different
encryption types that use the same key type.
>Fix:
I don't know.... It's probably too late at this point to add
an argument to krb5_mk_rep, since it's probably used all over th
place in people's code. Perhaps there should be a
krb5_mk_rep_extended which allows the specification of an encryption
type (and anything else that is defaulted in krb5_mk_rep but might be
specified by the caller).
jik
