From 56108ac2b7c7b747951614b9da99a5df1d57be6d Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Wed, 1 Apr 2009 18:25:02 +0000 Subject: Use the preferred checksum for non-DES keys in the kdc_req path and all the time in the ap_req checksum path. This breaks code to support DCE versions prior to 1.1 but uses the correct checksum for protocol compatibility. ticket: 1624 Target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22154 dc483132-0cff-0310-8789-dd5450dbe970 --- src/config-files/krb5.conf.M | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) (limited to 'src/config-files') diff --git a/src/config-files/krb5.conf.M b/src/config-files/krb5.conf.M index 9115e32c91..10b1792e87 100644 --- a/src/config-files/krb5.conf.M +++ b/src/config-files/krb5.conf.M @@ -143,15 +143,11 @@ clock. This corrective factor is only used by the Kerberos library. For compatability with DCE security servers which do not support the default CKSUMTYPE_RSA_MD5 used by this version of Kerberos. Use a value of 2 to use the CKSUMTYPE_RSA_MD4 instead. This applies to DCE 1.1 and -earlier. +earlier. This value is only used for DES keys; other keys use the +preferred checksum type for those keys. .IP ap_req_checksum_type -This allows you to set the checksum type used in the authenticator of -KRB_AP_REQ messages. The default value for this type is -CKSUMTYPE_RSA_MD5. For compatibility with applications linked against -DCE version 1.1 or earlier Kerberos libraries, use a value of 2 to use -the CKSUMTYPE_RSA_MD4 -instead. +This obsolete variable is not used. .IP safe_checksum_type This allows you to set the preferred keyed-checksum type for use in KRB_SAFE -- cgit