jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-19 15:30:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Enable weak enctypes for klog.krb5 if supported by Kerberos

Browse Source 
The same as cb4b62a403, but for klog.krb5.

Current versions of both MIT Kerberos and Heimdal disable DES enctypes
by default, but DES enctypes are still required for AFS service tickets.
Probe for either krb5_allow_weak_crypto() (MIT Kerberos 1.8) or
krb5_enctype_enable() (Heimdal) and, if found, call them to enable DES
enctypes.  If neither is found, assume that the Kerberos libraries are
old enough that DES is enabled by default.

Change-Id: I99c93621c847f6edcc485207f5b6b99b2370b347
Reviewed-on: http://gerrit.openafs.org/1144
Tested-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
This commit is contained in:
Russ Allbery 2010-01-22 10:59:14 -08:00 committed by Derrick Brashear
parent 3f89c0feae
commit f02ab3339d
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/aklog/klog.c
View File

@ -408,6 +408,19 @@ CommandProc(struct cmd_syndesc *as, void *arock)
KLOGEXIT(1); KLOGEXIT(1);
} }
/*
* Enable DES enctypes, which are currently still required for AFS.
* krb5_allow_weak_crypto is MIT Kerberos 1.8. krb5_enctype_enable is
* Heimdal.
*/
#if defined(HAVE_KRB5_ALLOW_WEAK_CRYPTO)
krb5_allow_weak_crypto(k5context, 1);
#elif defined(HAVE_KRB5_ENCTYPE_ENABLE)
i = krb5_enctype_valid(k5context, ETYPE_DES_CBC_CRC);
if (i)
krb5_enctype_enable(k5context, ETYPE_DES_CBC_CRC);
#endif
/* Parse remaining arguments. */ /* Parse remaining arguments. */
dosetpag = !! as->parms[aSETPAG].items; dosetpag = !! as->parms[aSETPAG].items;