[976] in Kerberos_V5_Development
So, why shouldn't appl/bsd use tripple-DES
daemon@ATHENA.MIT.EDU (Sam Hartman)
Thu Jan 25 16:48:31 1996
Date: Thu, 25 Jan 1996 16:48:23 -0500
From: Sam Hartman <hartmans@MIT.EDU>
To: krbdev@MIT.EDU
Someone in appl/bsd/kcmd.c set the default TGS enctypes to
DES_CBC_CRC. This breaks things with my new ccache changes, because
it can't find a tgt with an enctype that is in the default enctype set
anymore, so it can't go and get a DES host ticket. This indicates
that my changes to the ccache routines may not be such a good idea.
What I was trying to do was:
* If the credentials request contains a particular enctype, make sure
I got that enctype. This is required for krb524d or telnetd to work.
* Avoid having the ccache code accidentally pick up tickets with
non-standard session key enctypes unless they were specifically asked
for. There was no reason to do this, other than it appeared that was
what the previous (broken) code was trying to do.
Besides, I see no good reason that anything in appl/bsd needs
DES; if I comment out the call to set_default_tgs_enctypes, it appears
to work fine with tripple DES. Is there something I am missing, or
can this call go away.
--Sam
