oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Allow weak crypto in hprop

Browse Source 
hprop may be decrypting an old database encrypted with a DES master
key, in which case it shouldn't fail because DES is disabled by default.

This could permit weak enctypes to be used when authenticating to a
remote hpropd, although stronger enctypes are still preferred.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
This commit is contained in:
Russ Allbery
2010-01-27 20:49:08 -08:00
committed by Love Hornquist Astrand
parent 8a57d5cb08
commit 01d54cacc9
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
kdc/hprop.c
View File

@@ -726,6 +726,11 @@ main(int argc, char **argv)
if(ret)
exit(1);
/* We may be reading an old database encrypted with a DES master key. */
ret = krb5_allow_weak_crypto(context, 1);
if(ret)
krb5_err(context, 1, ret, "krb5_allow_weak_crypto");
if(local_realm)
krb5_set_default_realm(context, local_realm);