Initial patch to add as-use-strongest-session-key and same for tgs krb5.conf parameters for the KDC. These control the session key enctype selection algorithm for the AS and TGS respectively: if TRUE then they prefer the strongest enctype supported by the client, the KDC and the target principal, else they prefer the first enctype fromt he client's list that is also supported by the KDC and the target principal.

Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>

kdc/kdc.h

@@ -59,6 +59,9 @@ typedef struct krb5_kdc_configuration {
 
     krb5_boolean encode_as_rep_as_tgs_rep; /* bug compatibility */
 
+    krb5_boolean as_use_strongest_session_key;
+    krb5_boolean tgs_use_strongest_session_key;
+
     krb5_boolean check_ticket_addresses;
     krb5_boolean allow_null_ticket_addresses;
     krb5_boolean allow_anonymous;