Initial patch to add as-use-strongest-session-key and same for tgs krb5.conf parameters for the KDC. These control the session key enctype selection algorithm for the AS and TGS respectively: if TRUE then they prefer the strongest enctype supported by the client, the KDC and the target principal, else they prefer the first enctype from the client's list that is also supported by the KDC and the target principal.
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>

committed by
Love Hörnquist Åstrand

parent
ec35b8d4a2
commit
a7a8a7e95c
@@ -51,6 +51,8 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
|
||||
c->require_preauth = TRUE;
|
||||
c->kdc_warn_pwexpire = 0;
|
||||
c->encode_as_rep_as_tgs_rep = FALSE;
|
||||
c->as_use_strongest_session_key = TRUE;
|
||||
c->tgs_use_strongest_session_key = TRUE;
|
||||
c->check_ticket_addresses = TRUE;
|
||||
c->allow_null_ticket_addresses = TRUE;
|
||||
c->allow_anonymous = FALSE;
|
||||
@@ -116,6 +118,17 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
|
||||
}
|
||||
#endif
|
||||
|
||||
c->as_use_strongest_session_key =
|
||||
krb5_config_get_bool_default(context, NULL,
|
||||
c->as_use_strongest_session_key,
|
||||
"kdc",
|
||||
"as-use-strongest-session-key", NULL);
|
||||
c->tgs_use_strongest_session_key =
|
||||
krb5_config_get_bool_default(context, NULL,
|
||||
c->tgs_use_strongest_session_key,
|
||||
"kdc",
|
||||
"tgs-use-strongest-session-key", NULL);
|
||||
|
||||
c->check_ticket_addresses =
|
||||
krb5_config_get_bool_default(context, NULL,
|
||||
c->check_ticket_addresses,
|
||||
|
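Review bot: The two new `[kdc]` options read in the second hunk (`as-use-strongest-session-key` and `tgs-use-strongest-session-key`) carry no comment saying what TRUE and FALSE select, and no documentation change is visible on this page. A short comment above the first lookup would cover it, for example `/* TRUE: pick the strongest enctype common to client, KDC and target principal; FALSE: pick the first enctype in the client's list that the KDC and target also support */`. With either option set to FALSE the strength of the session key follows the client's ordering of its enctype list, so the documentation should tell operators that weak enctypes then have to be excluded through the enctypes the KDC and the principals support. Both hunks sit inside krb5_kdc_get_config, whose body starts and ends outside the hunks.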