From 6d48a7deaeed3dcb5dce55d8e9730c47512a904e Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Fri, 3 Apr 2009 03:33:01 +0000 Subject: Unfortunately, pre-1.7 krshd fails to support keyed checksums because it uses the wrong API and wrong key usage. So, if the auth_context has an explicit checksum type set, then respect that. kcmd sets such a checksum type. Also, because other applications may have the same problem, allow the config file variable if set to override the default checksum. * kcmd.c: Force use of rsa_md5 * init_ctx.c: do not default to md5 * mk_req_ext.c: allow auth_context to override ticket: 1624 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22160 dc483132-0cff-0310-8789-dd5450dbe970 --- src/config-files/krb5.conf.M | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/config-files') diff --git a/src/config-files/krb5.conf.M b/src/config-files/krb5.conf.M index 10b1792e87..2f2fbb2392 100644 --- a/src/config-files/krb5.conf.M +++ b/src/config-files/krb5.conf.M @@ -147,7 +147,7 @@ earlier. This value is only used for DES keys; other keys use the preferred checksum type for those keys. .IP ap_req_checksum_type -This obsolete variable is not used. +If set this variable controls what ap-req checksum will be used in authenticators. This variable should be unset so the appropriate checksum for the encryption key in use will be used. This can be set if backward compatibility requires a specific checksum type. .IP safe_checksum_type This allows you to set the preferred keyed-checksum type for use in KRB_SAFE -- cgit