From 7b1e954ad49fceb930d753a872804d29dd122a7b Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Tue, 7 Dec 2010 00:28:13 -0500
Subject: [PATCH] Reorder DES algs to work around MIT pre-1.8 GSS

Pre-1.8 MIT GSS accept_sec_context() has a bug which treats
des-cbc-md4 as if the received token format should be CFX.
The previous DES alg ordering resulted in MIT KDCs issuing
des-cbc-md4 session keys for service tickets which triggered
this bug.  Reorder the list so md4 is not preferred.

Change-Id: I11269498a6eb8494044c618db29c43f62b0ced49
---
 lib/krb5/crypto-algs.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/krb5/crypto-algs.c b/lib/krb5/crypto-algs.c
index 5bd14ce09..5e468f360 100644
--- a/lib/krb5/crypto-algs.c
+++ b/lib/krb5/crypto-algs.c
@@ -74,9 +74,9 @@ struct encryption_type *_krb5_etypes[] = {
     &_krb5_enctype_old_des3_cbc_sha1,
 #endif
 #ifdef HEIM_WEAK_CRYPTO
-    &_krb5_enctype_des_cbc_crc,
-    &_krb5_enctype_des_cbc_md4,
     &_krb5_enctype_des_cbc_md5,
+    &_krb5_enctype_des_cbc_md4,
+    &_krb5_enctype_des_cbc_crc,
     &_krb5_enctype_des_cbc_none,
     &_krb5_enctype_des_cfb64_none,
     &_krb5_enctype_des_pcbc_none,