Rename and fix as/tgs-use-strongest-key config parameters

Different ticket session key enctype selection options should
    distinguish between target principal type (krbtgt vs. not), not
    between KDC request types.

kdc/default_config.c

@@ -51,9 +51,9 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
     c->require_preauth = TRUE;
     c->kdc_warn_pwexpire = 0;
     c->encode_as_rep_as_tgs_rep = FALSE;
-    c->as_use_strongest_session_key = FALSE;
+    c->tgt_use_strongest_session_key = FALSE;
     c->preauth_use_strongest_session_key = FALSE;
-    c->tgs_use_strongest_session_key = FALSE;
+    c->svc_use_strongest_session_key = FALSE;
     c->use_strongest_server_key = TRUE;
     c->check_ticket_addresses = TRUE;
     c->allow_null_ticket_addresses = TRUE;
@@ -120,21 +120,21 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
     }
 #endif
 
-    c->as_use_strongest_session_key =
+    c->tgt_use_strongest_session_key =
 	krb5_config_get_bool_default(context, NULL,
-				     c->as_use_strongest_session_key,
+				     c->tgt_use_strongest_session_key,
 				     "kdc",
-				     "as-use-strongest-session-key", NULL);
+				     "tgt-use-strongest-session-key", NULL);
     c->preauth_use_strongest_session_key =
 	krb5_config_get_bool_default(context, NULL,
 				     c->preauth_use_strongest_session_key,
 				     "kdc",
 				     "preauth-use-strongest-session-key", NULL);
-    c->tgs_use_strongest_session_key =
+    c->svc_use_strongest_session_key =
 	krb5_config_get_bool_default(context, NULL,
-				     c->tgs_use_strongest_session_key,
+				     c->svc_use_strongest_session_key,
 				     "kdc",
-				     "tgs-use-strongest-session-key", NULL);
+				     "svc-use-strongest-session-key", NULL);
     c->use_strongest_server_key =
 	krb5_config_get_bool_default(context, NULL,
 				     c->use_strongest_server_key,

kdc/kdc.h

@@ -59,9 +59,9 @@ typedef struct krb5_kdc_configuration {
 
     krb5_boolean encode_as_rep_as_tgs_rep; /* bug compatibility */
 
-    krb5_boolean as_use_strongest_session_key;
+    krb5_boolean tgt_use_strongest_session_key;
     krb5_boolean preauth_use_strongest_session_key;
-    krb5_boolean tgs_use_strongest_session_key;
+    krb5_boolean svc_use_strongest_session_key;
     krb5_boolean use_strongest_server_key;
 
     krb5_boolean check_ticket_addresses;

kdc/kerberos5.c

@@ -1689,7 +1689,10 @@ _kdc_as_rep(kdc_request_t r,
      * decrypt.
      */
 
-    ret = _kdc_find_etype(context, config->as_use_strongest_session_key, FALSE,
+    ret = _kdc_find_etype(context,
+			  krb5_principal_is_krbtgt(context, r->server_princ) ?
+			  config->tgt_use_strongest_session_key :
+			  config->svc_use_strongest_session_key, FALSE,
 			  r->client, b->etype.val, b->etype.len, &r->sessionetype,
 			  NULL);
     if (ret) {

kdc/krb5tgs.c

@@ -1729,7 +1729,9 @@ server_lookup:
 	    Key *skey;
 
 	    ret = _kdc_find_etype(context,
-				  config->tgs_use_strongest_session_key, FALSE,
+				  krb5_principal_is_krbtgt(context, sp) ?
+				  config->tgt_use_strongest_session_key :
+				  config->svc_use_strongest_session_key, FALSE,
 				  server, b->etype.val, b->etype.len, &etype,
 				  NULL);
 	    if(ret) {