AES shouldn't be in KDC default enctype list

Until all services including GSS-based ones can support AES, we don't want it in the default supported enctypes list on the KDC. ticket: new tags: pullup target_version: 1.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15428 dc483132-0cff-0310-8789-dd5450dbe970
author: Ken Raeburn <raeburn@mit.edu> 2003-05-13 21:01:09 +0000
committer: Ken Raeburn <raeburn@mit.edu> 2003-05-13 21:01:09 +0000
commit: 696a8ed7988d47b5d66b627e09f22e647b8f9508 (patch)
tree: 632cf2dea233d0a900250ea65764cba9b53b7d87 /src/lib
parent: dfe4e6c0ab917e5b66743eb16a714a3f73f48777 (diff)
2 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/kadm5/ChangeLog b/src/lib/kadm5/ChangeLog
index 42e0b8edb..ae0f4405a 100644
--- a/src/lib/kadm5/ChangeLog
+++ b/src/lib/kadm5/ChangeLog
@@ -1,3 +1,8 @@
+2003-05-13  Ken Raeburn  <raeburn@mit.edu>
+
+	* alt_prof.c (kadm5_get_config_params): Remove aes256 from the
+	default supported enctypes list for now.
+
 2003-05-04  Sam Hartman  <hartmans@mit.edu>
 
 	* chpass_util_strings.et: Replace reference to ovpasswd with kpasswd
diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c
index e7fe3ef84..4c14c4c04 100644
--- a/src/lib/kadm5/alt_prof.c
+++ b/src/lib/kadm5/alt_prof.c
@@ -702,7 +702,7 @@ krb5_error_code kadm5_get_config_params(context, kdcprofile, kdcenv,
 	 if (aprofile)
 	      krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue);
 	 if (svalue == NULL)
-	     svalue = strdup("aes256-cts-hmac-sha1-96:normal des3-hmac-sha1:normal des-cbc-crc:normal");
+	     svalue = strdup("des3-hmac-sha1:normal des-cbc-crc:normal");
 
 	 params.keysalts = NULL;
 	 params.num_keysalts = 0;
author	Ken Raeburn <raeburn@mit.edu>	2003-05-13 21:01:09 +0000
committer	Ken Raeburn <raeburn@mit.edu>	2003-05-13 21:01:09 +0000
commit	696a8ed7988d47b5d66b627e09f22e647b8f9508 (patch)
tree	632cf2dea233d0a900250ea65764cba9b53b7d87 /src/lib
parent	dfe4e6c0ab917e5b66743eb16a714a3f73f48777 (diff)