From 697d493ca81ab3ffa9b7918e6fb825edad3343e2 Mon Sep 17 00:00:00 2001 From: Nicolas Williams Date: Mon, 24 Nov 2025 17:03:45 -0600 Subject: [PATCH] kadmin: Use same supported_enctypes default as default_keys in lib/hdb --- kadmin/ank.c | 4 ++-- kadmin/ext.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/kadmin/ank.c b/kadmin/ank.c index fba3450aa..0c3781291 100644 --- a/kadmin/ank.c +++ b/kadmin/ank.c @@ -275,7 +275,7 @@ add_new_key(struct add_options *opt, int argc, char **argv) enctypes = krb5_config_get_string(context, NULL, "libdefaults", "supported_enctypes", NULL); if (enctypes == NULL || enctypes[0] == '\0') - enctypes = "aes128-cts-hmac-sha1-96"; + enctypes = "aes256-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192"; ret = krb5_string_to_keysalts2(context, enctypes, &nkstuple, &kstuple); if (ret) { fprintf(stderr, "enctype(s) unknown\n"); @@ -505,7 +505,7 @@ add_new_namespace(struct add_namespace_options *opt, int argc, char **argv) enctypes = krb5_config_get_string(context, NULL, "libdefaults", "supported_enctypes", NULL); if (enctypes == NULL || enctypes[0] == '\0') - enctypes = "aes128-cts-hmac-sha1-96"; + enctypes = "aes256-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192"; ret = krb5_string_to_keysalts2(context, enctypes, &nkstuple, &kstuple); if (ret) { fprintf(stderr, "enctype(s) unknown\n"); diff --git a/kadmin/ext.c b/kadmin/ext.c index 5a8281a09..f6a811e0b 100644 --- a/kadmin/ext.c +++ b/kadmin/ext.c @@ -199,7 +199,7 @@ ext_keytab(struct ext_keytab_options *opt, int argc, char **argv) enctypes = krb5_config_get_string(context, NULL, "libdefaults", "supported_enctypes", NULL); if (enctypes == NULL || enctypes[0] == '\0') - enctypes = "aes128-cts-hmac-sha1-96"; + enctypes = "aes256-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192"; ret = krb5_string_to_keysalts2(context, enctypes, &data.nkstuple, &data.kstuple); if (ret) {