Select the cryptosystem to be used using krb5_use_cstype() instead of

using a implementation specific assignment.  Also, allow the
encryption type to be specified using a command line option.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4505 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 11 insertions, 6 deletions

diff --git a/src/kdc/main.c b/src/kdc/main.c
index a3da6cf419..4912ab8943 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -150,12 +150,13 @@ char **argv;
     char *rcname = 0;
     char *lrealm;
     krb5_error_code retval, retval2;
+    krb5_enctype kdc_etype = DEFAULT_KDC_ETYPE;
     krb5_enctype etype;
     extern krb5_deltat krb5_clockskew;
 
     extern char *optarg;
 
-    while ((c = getopt(argc, argv, "r:d:mM:k:R:")) != EOF) {
+    while ((c = getopt(argc, argv, "r:d:mM:k:R:e:")) != EOF) {
 	switch(c) {
 	case 'r':			/* realm name for db */
 	    db_realm = optarg;
@@ -176,6 +177,9 @@ char **argv;
 	case 'R':
 	    rcname = optarg;
 	    break;
+	case 'e':
+	    kdc_etype = atoi(optarg);
+	    break;
 	case '?':
 	default:
 	    usage(argv[0]);
@@ -229,11 +233,12 @@ char **argv;
 	exit(1);
     }
 
-#ifdef PROVIDE_DES_CBC_CRC
-    master_encblock.crypto_entry = krb5_des_cst_entry.system;
-#else
-error(You gotta figure out what cryptosystem to use in the KDC);
-#endif
+    if (!valid_etype(kdc_etype)) {
+	com_err(argv[0], KRB5_PROG_ETYPE_NOSUPP,
+		"while setting up etype %d", kdc_etype);
+	exit(1);
+    }
+    krb5_use_cstype(&master_encblock, kdc_etype);
 
     if (retval = krb5_db_fetch_mkey(master_princ, &master_encblock, manual,
 				    FALSE, /* only read it once, if at all */