* init_ctx.c (DEFAULT_ETYPE_LIST): New macro. Old etype list, plus des-md4,

with des-crc before des-mdX for now.
(get_profile_etype_list): Use DEFAULT_ETYPE_LIST.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13126 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 17 insertions, 3 deletions

diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index a76e2704a..5f2ba2847 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,9 @@
+2001-03-28  Ken Raeburn  <raeburn@mit.edu>
+
+	* init_ctx.c (DEFAULT_ETYPE_LIST): New macro.  Old etype list,
+	plus des-md4, with des-crc before des-mdX for now.
+	(get_profile_etype_list): Use DEFAULT_ETYPE_LIST.
+
 2001-03-10  Ezra Peisach  <epeisach@mit.edu>
 
 	* init_ctx.c: Provide a full prototype for init_common().
diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
index 7654da621..6eb1b97f1 100644
--- a/src/lib/krb5/krb/init_ctx.c
+++ b/src/lib/krb5/krb/init_ctx.c
@@ -56,6 +56,14 @@
 #include <ctype.h>
 #include "brand.c"
 
+/* The des-mdX entries are last for now, because it's easy to
+   configure KDCs to issue TGTs with des-mdX keys and then not accept
+   them.  This'll be fixed, but for better compatibility, let's prefer
+   des-crc for now.  */
+#define DEFAULT_ETYPE_LIST	\
+	"des3-cbc-sha1 " \
+	"des-cbc-crc des-cbc-md5 des-cbc-md4 "
+
 #if (defined(_MSDOS) || defined(_WIN32))
 extern krb5_error_code krb5_vercheck();
 extern void krb5_win_ccdll_load(krb5_context context);
@@ -113,6 +121,8 @@ init_common (context, secure)
 	retval = krb5_vercheck();
 	if (retval)
 		return retval;
+#else /* assume UNIX for now */
+	krb5int_initialize_library ();
 #endif
 
 	*context = 0;
@@ -312,9 +322,7 @@ get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list)
 	krb5_error_code code;
 
 	code = profile_get_string(context->profile, "libdefaults", profstr,
-				  NULL,
-				  "des3-cbc-sha1 des-cbc-md5 des-cbc-crc",
-				  &retval);
+				  NULL, DEFAULT_ETYPE_LIST, &retval);
 	if (code)
 	    return code;