From b19f2a8984321c3e20a29c8a76456cecb99bccca Mon Sep 17 00:00:00 2001
From: Tom Yu <tlyu@mit.edu>
Date: Tue, 5 Jan 2010 02:47:58 +0000
Subject: disable weak crypto by default

Set allow_weak_crypto=false by default.  Set default master key
enctype to sha256.  Adjust test suite to compensate.

ticket: 6621

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23586 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/krb/init_ctx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/lib/krb5/krb/init_ctx.c')

diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
index 8f6a1b3dcb..2c2beb6bfc 100644
--- a/src/lib/krb5/krb/init_ctx.c
+++ b/src/lib/krb5/krb/init_ctx.c
@@ -165,7 +165,7 @@ init_common (krb5_context *context, krb5_boolean secure, krb5_boolean kdc)
         goto cleanup;
 
     retval = profile_get_boolean(ctx->profile, KRB5_CONF_LIBDEFAULTS,
-                                 KRB5_CONF_ALLOW_WEAK_CRYPTO, NULL, 1, &tmp);
+                                 KRB5_CONF_ALLOW_WEAK_CRYPTO, NULL, 0, &tmp);
     if (retval)
         goto cleanup;
     ctx->allow_weak_crypto = tmp;
-- 
cgit