from 1.1 branch:

* init_ctx.c (get_profile_etype_list): Update name of the des3 entry in the
default etype list.

* init_ctx.c (get_profile_etype_list): New argument DESONLY; if set, ignore any
ktype values other than NULL, DES_CBC_CRC, and DES_CBC_MD5.
(krb5_get_default_in_tkt_ktypes, krb5_get_tgs_ktypes): Set it.
(krb5_get_permitted_enctypes): Don't set it.

* fwd_tgt.c (krb5_fwd_tgt_creds): Use KRB5_TC_SUPPORTED_KTYPES when calling
krb5_cc_retrieve_cred.
* gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Ditto.
* get_creds.c (krb5_get_credentials_core): Set that flag.
(krb5_get_credentials): Check for KRB5_CC_NOT_KTYPE error return.

* t_ser.c (main): Disable eblock serialization test, since the code it tests
was disabled nearly a year ago.

* str_conv.c (krb5_timestamp_to_sfstring): Don't pass extra argument to
sprintf.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11779 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 4 insertions, 2 deletions

diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c
index 4fbf4cf33b..2401439310 100644
--- a/src/lib/krb5/krb/get_creds.c
+++ b/src/lib/krb5/krb/get_creds.c
@@ -69,7 +69,8 @@ krb5_get_credentials_core(context, options, ccache, in_creds, out_creds,
     mcreds->client = in_creds->client;
     
     *fields = KRB5_TC_MATCH_TIMES /*XXX |KRB5_TC_MATCH_SKEY_TYPE */
-	| KRB5_TC_MATCH_AUTHDATA ;
+	| KRB5_TC_MATCH_AUTHDATA
+	| KRB5_TC_SUPPORTED_KTYPES;
     if (mcreds->keyblock.enctype)
 	*fields |= KRB5_TC_MATCH_KTYPE;
     if (options & KRB5_GC_USER_USER) {
@@ -120,7 +121,8 @@ krb5_get_credentials(context, options, ccache, in_creds, out_creds)
 	*out_creds = ncreds;
     }
 
-    if (retval != KRB5_CC_NOTFOUND || options & KRB5_GC_CACHED)
+    if ((retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE)
+	|| options & KRB5_GC_CACHED)
 	return retval;
 
     retval = krb5_get_cred_from_kdc(context, ccache, ncreds, out_creds, &tgts);