From 288ae5fc9a34c16f711153c011975f4c977c2efe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Sun, 7 Mar 2004 17:10:46 +0000
Subject: [PATCH] add --disable-DES

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13455 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/config.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/kdc/config.c b/kdc/config.c
index a9c765e2b..f91f26fe6 100644
--- a/kdc/config.c
+++ b/kdc/config.c
@@ -70,6 +70,8 @@ static const char *trpolicy_str;
 static struct getarg_strings addresses_str;	/* addresses to listen on */
 krb5_addresses explicit_addresses;
 
+static int disable_des = -1;
+
 #ifdef KRB4
 char *v4_realm;
 int enable_v4 = -1;
@@ -140,6 +142,8 @@ static struct getargs args[] = {
 #endif
     {	"addresses",	0,	arg_strings, &addresses_str,
 	"addresses to listen on", "list of addresses" },
+    {	"disable-des",	0,	arg_flag, &disable_des,
+	"disable DES" },
     {	"help",		'h',	arg_flag,   &help_flag },
     {	"version",	'v',	arg_flag,   &version_flag }
 };
@@ -463,4 +467,17 @@ configure(int argc, char **argv)
 	krb_get_lrealm(v4_realm, 1);
     }
 #endif
+    if(disable_des == -1) 
+	disable_des = krb5_config_get_bool_default(context, NULL, 
+						   0,
+						   "kdc",
+						   "disable-des", NULL);
+    if(disable_des) {
+	krb5_enctype_disable(context, ETYPE_DES_CBC_CRC);
+	krb5_enctype_disable(context, ETYPE_DES_CBC_MD4);
+	krb5_enctype_disable(context, ETYPE_DES_CBC_MD5);
+	krb5_enctype_disable(context, ETYPE_DES_CBC_NONE);
+	krb5_enctype_disable(context, ETYPE_DES_CFB64_NONE);
+	krb5_enctype_disable(context, ETYPE_DES_PCBC_NONE);
+    }
 }