heimdal: honor conf enctypes when obtaining a service ticket

This patch removes part of what's categorized in the code as
"hideous glue", which causes Heimdal to ignore krb5.conf
encryption types, and instead use either the application-
supplied values or the default compile-time values.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
index 0a89ae1f36cfbb04f78763c8b0a064d82c788939..efc421521ce933212925c34c4bb89a3486516bf1 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
@@ -427,15 +427,12 @@ init_auth
     /*
      * This is hideous glue for (NFS) clients that wants to limit the
      * available enctypes to what it can support (encryption in
-     * kernel). If there is no enctypes selected for this credential,
-     * reset it to the default set of enctypes.
+     * kernel).
      */
     {
-       krb5_enctype *enctypes = NULL;
-
-       if (cred && cred->enctypes)
-           enctypes = cred->enctypes;
-       krb5_set_default_in_tkt_etypes(context, enctypes);
+       if (cred && cred->enctypes) {
+           krb5_set_default_in_tkt_etypes(context, cred->enctypes);
+       }
     }
 
     /* canon name if needed for client + target realm */