Limit krb5_get_init_creds_keytab() to etypes in keytab

* Load the enctypes for the keys in the keytab and pass them to krb5_get_init_creds_keytab(). * This fixes the problem where the server offers a enctype that krb5 supports, but we don't have a key for in the keytab. https://bugzilla.redhat.com/show_bug.cgi?id=811375
author: Stef Walter <stefw@gnome.org> 2012-04-10 22:20:53 +0200
committer: Stephen Gallagher <sgallagh@redhat.com> 2012-05-07 10:00:16 -0400
commit: 4c157ecedd52602f75574605ef48d0c48e9bfbe8 (patch)
tree: 3341f73dcb37129cc97cb57b55e47e077709dc08 /src/util/sss_krb5.h
parent: 5b1a798a2a792c74e5f11f744f4f5b663c8b93c3 (diff)
download: sssd-4c157ecedd52602f75574605ef48d0c48e9bfbe8.tar.gz
sssd-4c157ecedd52602f75574605ef48d0c48e9bfbe8.tar.xz
sssd-4c157ecedd52602f75574605ef48d0c48e9bfbe8.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h
index 6ad80806c..12412585f 100644
--- a/src/util/sss_krb5.h
+++ b/src/util/sss_krb5.h
@@ -137,4 +137,12 @@ typedef krb5_ticket_times sss_krb5_ticket_times;
 typedef krb5_times sss_krb5_ticket_times;
 #endif
 
+krb5_error_code
+sss_krb5_read_etypes_for_keytab(TALLOC_CTX *mem_ctx,
+                                krb5_context context,
+                                krb5_keytab keytab,
+                                krb5_principal princ,
+                                krb5_enctype **etype_list,
+                                int *n_etype_list);
+
 #endif /* __SSS_KRB5_H__ */
author	Stef Walter <stefw@gnome.org>	2012-04-10 22:20:53 +0200
committer	Stephen Gallagher <sgallagh@redhat.com>	2012-05-07 10:00:16 -0400
commit	4c157ecedd52602f75574605ef48d0c48e9bfbe8 (patch)
tree	3341f73dcb37129cc97cb57b55e47e077709dc08 /src/util/sss_krb5.h
parent	5b1a798a2a792c74e5f11f744f4f5b663c8b93c3 (diff)
download	sssd-4c157ecedd52602f75574605ef48d0c48e9bfbe8.tar.gz sssd-4c157ecedd52602f75574605ef48d0c48e9bfbe8.tar.xz sssd-4c157ecedd52602f75574605ef48d0c48e9bfbe8.zip