Limit krb5_get_init_creds_keytab() to etypes in keytab

* Load the enctypes for the keys in the keytab and pass them to krb5_get_init_creds_keytab(). * This fixes the problem where the server offers a enctype that krb5 supports, but we don't have a key for in the keytab. https://bugzilla.redhat.com/show_bug.cgi?id=811375
author: Stef Walter <stefw@gnome.org> 2012-04-10 22:20:53 +0200
committer: Stephen Gallagher <sgallagh@redhat.com> 2012-05-22 09:12:15 -0400
commit: fbd3a264e5ab80f8aa8918732cd5360389b42a90 (patch)
tree: 71f471d041832e027cfe54dcb88b8dc4fe94dec4 /src/util/sss_krb5.h
parent: f93b0800005c69e165ddf6b4fe8d7fba19789b93 (diff)
download: sssd_unused-fbd3a264e5ab80f8aa8918732cd5360389b42a90.tar.gz
sssd_unused-fbd3a264e5ab80f8aa8918732cd5360389b42a90.tar.xz
sssd_unused-fbd3a264e5ab80f8aa8918732cd5360389b42a90.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h
index 50c4b696..349dbaa7 100644
--- a/src/util/sss_krb5.h
+++ b/src/util/sss_krb5.h
@@ -132,4 +132,12 @@ typedef krb5_ticket_times sss_krb5_ticket_times;
 typedef krb5_times sss_krb5_ticket_times;
 #endif
 
+krb5_error_code
+sss_krb5_read_etypes_for_keytab(TALLOC_CTX *mem_ctx,
+                                krb5_context context,
+                                krb5_keytab keytab,
+                                krb5_principal princ,
+                                krb5_enctype **etype_list,
+                                int *n_etype_list);
+
 #endif /* __SSS_KRB5_H__ */
author	Stef Walter <stefw@gnome.org>	2012-04-10 22:20:53 +0200
committer	Stephen Gallagher <sgallagh@redhat.com>	2012-05-22 09:12:15 -0400
commit	fbd3a264e5ab80f8aa8918732cd5360389b42a90 (patch)
tree	71f471d041832e027cfe54dcb88b8dc4fe94dec4 /src/util/sss_krb5.h
parent	f93b0800005c69e165ddf6b4fe8d7fba19789b93 (diff)
download	sssd_unused-fbd3a264e5ab80f8aa8918732cd5360389b42a90.tar.gz sssd_unused-fbd3a264e5ab80f8aa8918732cd5360389b42a90.tar.xz sssd_unused-fbd3a264e5ab80f8aa8918732cd5360389b42a90.zip