From f70d290faea0ed8a9e41553c56eb673bb1d08cb8 Mon Sep 17 00:00:00 2001
From: Tom Yu <tlyu@mit.edu>
Date: Sat, 31 Jan 2009 03:57:20 +0000
Subject: Default allow_weak_crypto=true for now.  Default supported_enctypes
 to exclude single-DES enctypes.

ticket: 6353
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21851 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/kadm5/alt_prof.c    | 2 +-
 src/lib/krb5/krb/init_ctx.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c
index ae9d84c7f4..7ad59ab4d0 100644
--- a/src/lib/kadm5/alt_prof.c
+++ b/src/lib/kadm5/alt_prof.c
@@ -749,7 +749,7 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
          if (aprofile)
               krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue);
          if (svalue == NULL)
-             svalue = strdup("des3-hmac-sha1:normal des-cbc-crc:normal");
+             svalue = strdup(KRB5_DEFAULT_SUPPORTED_ENCTYPES);
 
          params.keysalts = NULL;
          params.num_keysalts = 0;
diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
index bab143e6f8..69f7ad887d 100644
--- a/src/lib/krb5/krb/init_ctx.c
+++ b/src/lib/krb5/krb/init_ctx.c
@@ -172,7 +172,7 @@ init_common (krb5_context *context, krb5_boolean secure, krb5_boolean kdc)
 		goto cleanup;
 
 	retval = profile_get_boolean(ctx->profile, "libdefaults",
-				     "allow_weak_crypto", NULL, 0, &tmp);
+				     "allow_weak_crypto", NULL, 1, &tmp);
 	if (retval)
 		goto cleanup;
 	ctx->allow_weak_crypto = tmp;
-- 
cgit