From d3807ad88238f9e63794f0acafbe6a9fd2c7b959 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Thu, 12 Apr 2007 16:49:57 +0000
Subject: [PATCH] Add hideous glue for (NFS) clients that wants to limit the
 available enctypes to what it can support (encryption in kernel). If there is
 no enctypes selected for this credential, reset it to the default set of
 enctypes.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20326 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/gssapi/krb5/init_sec_context.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/lib/gssapi/krb5/init_sec_context.c b/lib/gssapi/krb5/init_sec_context.c
index 767ac1470..4aec29429 100644
--- a/lib/gssapi/krb5/init_sec_context.c
+++ b/lib/gssapi/krb5/init_sec_context.c
@@ -391,6 +391,20 @@ init_auth
 	goto failure;
 
 
+    /*
+     * This is hideous glue for (NFS) clients that wants to limit the
+     * available enctypes to what it can support (encryption in
+     * kernel). If there is no enctypes selected for this credential,
+     * reset it to the default set of enctypes.
+     */
+    {
+	krb5_enctype *enctypes = NULL;
+
+	if (initiator_cred_handle && initiator_cred_handle->enctypes)
+	    enctypes = initiator_cred_handle->enctypes;
+	krb5_set_default_in_tkt_etypes(context, enctypes);
+    }
+
     ret = gsskrb5_get_creds(minor_status,
 			    context,
 			    ccache,