From 1f90983324b9f5804dc57f87c5f7695b0e53db8d Mon Sep 17 00:00:00 2001 From: Uri Simchoni Date: Mon, 4 Jul 2016 09:50:33 +0300 Subject: [PATCH] heimdal: honor conf enctypes when obtaining a service ticket This patch removes part of what's categorized in the code as "hideous glue", which causes Heimdal to ignore krb5.conf encryption types, and instead use either the application- supplied values or the default compile-time values. Signed-off-by: Uri Simchoni Reviewed-by: Jeremy Allison --- source4/heimdal/lib/gssapi/krb5/init_sec_context.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c index 0a89ae1f36cf..efc421521ce9 100644 --- a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c @@ -427,15 +427,12 @@ init_auth /* * This is hideous glue for (NFS) clients that wants to limit the * available enctypes to what it can support (encryption in - * kernel). If there is no enctypes selected for this credential, - * reset it to the default set of enctypes. + * kernel). */ { - krb5_enctype *enctypes = NULL; - - if (cred && cred->enctypes) - enctypes = cred->enctypes; - krb5_set_default_in_tkt_etypes(context, enctypes); + if (cred && cred->enctypes) { + krb5_set_default_in_tkt_etypes(context, cred->enctypes); + } } /* canon name if needed for client + target realm */ -- 2.34.1