disable single-DES by default

Mark all single-DES enctypes as "weak", and create a new libdefaults variable "allow_weak_crypto", which defaults to "false". ticket: 6353 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21823 dc483132-0cff-0310-8789-dd5450dbe970
author: Tom Yu <tlyu@mit.edu> 2009-01-28 23:22:27 +0000
committer: Tom Yu <tlyu@mit.edu> 2009-01-28 23:22:27 +0000
commit: 95caf0d30ec2b4c1231c022335d5c6241e8c0d38 (patch)
tree: 400b9dc63fecc5db1b5d08478cf11b397f8c5059 /src/include
parent: 84e751c169af0112993d0a7e7b1a45acc9552c02 (diff)
download: krb5-95caf0d30ec2b4c1231c022335d5c6241e8c0d38.tar.gz
krb5-95caf0d30ec2b4c1231c022335d5c6241e8c0d38.tar.xz
krb5-95caf0d30ec2b4c1231c022335d5c6241e8c0d38.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 063c30310..7de6c1a60 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -1228,6 +1228,8 @@ struct _krb5_context {
 
     /* For Sun iprop code; does this really have to be here?  */
     struct _kdb_log_context *kdblog_context;
+
+    krb5_boolean allow_weak_crypto;
 };
 
 /* could be used in a table to find an etype and initialize a block */
@@ -2318,6 +2320,8 @@ typedef struct
 krb5_boolean krb5_is_permitted_enctype_ext 
          ( krb5_context, krb5_etypes_permitted *);
 
+krb5_boolean KRB5_CALLCONV krb5_c_weak_enctype(krb5_enctype);
+
 krb5_error_code krb5_kdc_rep_decrypt_proc
 	(krb5_context,
 		const krb5_keyblock *,
author	Tom Yu <tlyu@mit.edu>	2009-01-28 23:22:27 +0000
committer	Tom Yu <tlyu@mit.edu>	2009-01-28 23:22:27 +0000
commit	95caf0d30ec2b4c1231c022335d5c6241e8c0d38 (patch)
tree	400b9dc63fecc5db1b5d08478cf11b397f8c5059 /src/include
parent	84e751c169af0112993d0a7e7b1a45acc9552c02 (diff)
download	krb5-95caf0d30ec2b4c1231c022335d5c6241e8c0d38.tar.gz krb5-95caf0d30ec2b4c1231c022335d5c6241e8c0d38.tar.xz krb5-95caf0d30ec2b4c1231c022335d5c6241e8c0d38.zip