From 01d54cacc9af029d821efec1819cb854cba2dc31 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Wed, 27 Jan 2010 20:49:08 -0800 Subject: [PATCH] Allow weak crypto in hprop hprop may be decrypting an old database encrypted with a DES master key, in which case it shouldn't fail because DES is disabled by default. This could permit weak enctypes to be used when authenticating to a remote hpropd, although stronger enctypes are still preferred. Signed-off-by: Love Hornquist Astrand --- kdc/hprop.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/kdc/hprop.c b/kdc/hprop.c index eb400e610..294d704da 100644 --- a/kdc/hprop.c +++ b/kdc/hprop.c @@ -726,6 +726,11 @@ main(int argc, char **argv) if(ret) exit(1); + /* We may be reading an old database encrypted with a DES master key. */ + ret = krb5_allow_weak_crypto(context, 1); + if(ret) + krb5_err(context, 1, ret, "krb5_allow_weak_crypto"); + if(local_realm) krb5_set_default_realm(context, local_realm);