* IMplement etype_info in KDC. If the request contains any new

enctypes (currently AES but anything not explicitly listed as old)
then only etype_info2 is sent back in response.  Send back etype_info2
all the time.  Also send back etype_info2 to provide salt and
s2kparams with AS reply not just for preauth errors.

* Expose interface for getting string2key with parameters (previously
implemented but not exported)

* IN the client (at least for get_init_creds interface) prfer
etype_info2 to etype_info and pw_salt.  Pass s2kparams and use
string2key_with_params.

Ticket: 1454
Status: open
Target_Version: 1.3

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15412 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 13 insertions, 0 deletions

diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog
index bf28f9c93..64fbb4844 100644
--- a/src/kdc/ChangeLog
+++ b/src/kdc/ChangeLog
@@ -1,3 +1,8 @@
+2003-05-08  Sam Hartman  <hartmans@mit.edu>
+
+	* kdc_preauth.c (return_pw_salt): Don't return pw-salt if the
+	client's enctype list  mandates it supports enctype-info2
+
 2003-05-09  Tom Yu  <tlyu@mit.edu>
 
 	* kdc_util.c (kdc_process_tgs_req): Rename getremotesubkey ->
@@ -8,6 +13,14 @@
 	* kdc_preauth.c (get_etype_info): Patch from Sun to reorganize
 	code and make sure that even for md5 the database order is
 	preserved. 
+	(enctype_requires_etype_info_2): new function; determines wether a
+	particular enctype in a client request means that the client  is
+	required to support etype_info2 by Kerberos clarifications.
+	(etype_info_helper): Renamed from get_etype_info  to abstract out
+	code in common between etype_info and etype_info2
+	(get_enctype_info): Return etype info only if request contains no
+	enctypes that  require etype_info2
+	(return_etype_info2): New function.
 
 2003-04-02  Sam Hartman  <hartmans@mit.edu>