s4-auth/kerberos: Add define ENC_STRONG_SALTED_TYPES

This allows us to mask out RC4 and insist on the modern AES types
where that makes sense.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

diff --git a/source4/auth/kerberos/kerberos.h b/source4/auth/kerberos/kerberos.h
index 5b13f567a008f41f687598bf1e6a9c1fd1f6e80c..87486eab0178c98ed1418abf49bf47644c275751 100644 (file)
--- a/source4/auth/kerberos/kerberos.h
+++ b/source4/auth/kerberos/kerberos.h
@@ -53,6 +53,8 @@ struct keytab_container {
 #define ENC_ALL_TYPES (ENC_RC4_HMAC_MD5 |      \
                       ENC_HMAC_SHA1_96_AES128 | ENC_HMAC_SHA1_96_AES256)
 
+#define ENC_STRONG_SALTED_TYPES (ENC_HMAC_SHA1_96_AES128 | ENC_HMAC_SHA1_96_AES256)
+
 #ifndef HAVE_KRB5_SET_DEFAULT_TGS_KTYPES
 krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc);
 #endif