Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/krb5/krb/ChangeLog | 14 | ||||
| -rw-r--r-- | src/lib/krb5/krb/in_tkt_ktb.c | 65 |
2 files changed, 20 insertions, 59 deletions
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 796754ae8..ba9bc2a2e 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -4,6 +4,20 @@ Tue Mar 26 14:45:03 1996 Richard Basch <basch@lehman.com> requiring domain conversion for the instance. (imap/<host> is used by some of the new imap mail implementations) +Wed Mar 27 17:05:47 1996 Richard Basch <basch@lehman.com> + + * in_tkt_ktb.c (keytab_keyproc): Do not check to see that the + enctype of the key is identical; there are several equivalent + DES enctypes. + + * in_tkt_ktb.c (krb5_get_in_tkt_with_keytab): Removed the fancy + logic to only request the keytypes that correspond to those in + the keytab. There were too many fencepost conditions that could + get you into trouble. Either it should be there and *fully* + functional, or not in there at all. Besides, there are too many + other components in Kerberos that expect the end-service to know + all its keys that this sanity check is overkill. + Sun Mar 24 01:34:14 1996 Sam Hartman <hartmans@tertius.mit.edu> * send_tgs.c (krb5_send_tgs_basic): You want to setup the eblock diff --git a/src/lib/krb5/krb/in_tkt_ktb.c b/src/lib/krb5/krb/in_tkt_ktb.c index f0b0ab3e3..257ecce0f 100644 --- a/src/lib/krb5/krb/in_tkt_ktb.c +++ b/src/lib/krb5/krb/in_tkt_ktb.c @@ -78,13 +78,6 @@ keytab_keyproc(context, type, salt, keyseed, key) (void) krb5_kt_free_entry(context, &kt_ent); goto cleanup; } - - if (realkey->enctype != type) { - (void) krb5_kt_free_entry(context, &kt_ent); - krb5_free_keyblock(context, realkey); - retval = KRB5_PROG_ETYPE_NOSUPP; - goto cleanup; - } (void) krb5_kt_free_entry(context, &kt_ent); *key = realkey; 
@@ -126,59 +119,13 @@ krb5_get_in_tkt_with_keytab(context, options, addrs, ktypes, pre_auth_types, krb5_kdc_rep ** ret_as_reply; { struct keytab_keyproc_arg arg; - krb5_enctype * kt_ktypes = (krb5_enctype *) NULL; - krb5_keytab kt_id = keytab; - krb5_keytab_entry kt_ent; - krb5_error_code retval; - register int i, j; - - if (! ktypes) { - /* get the default enctype list */ - retval = krb5_get_default_in_tkt_ktypes(context, &kt_ktypes); - if (retval) return retval; - } else { - /* copy the desired enctypes into a temporary array */ - for (i = 0; ktypes[i]; i++) ; - kt_ktypes = (krb5_enctype *)malloc((i + 1) * sizeof(krb5_enctype)); - if (! kt_ktypes) return ENOMEM; - for (i = 0; kt_ktypes[i] = ktypes[i]; i++) ; - } - - /* only keep the enctypes for which we have keytab entries */ - if (kt_id == NULL) { - retval = krb5_kt_default(context, &kt_id); - if (retval) goto cleanup; - } - i = 0; - while (kt_ktypes[i]) { - retval = krb5_kt_get_entry(context, kt_id, creds->client, - 0, /* don't have vno available */ - kt_ktypes[i], &kt_ent); - if (retval) { - if (retval != KRB5_KT_NOTFOUND) - goto cleanup; - /* strip the enctype from the requested enctype list */ - for (j = i; kt_ktypes[j] = kt_ktypes[j+1]; j++) ; - } else { - /* we have this enctype; proceed to the next one */ - (void) krb5_kt_free_entry(context, &kt_ent); - i++; - } - } - - arg.keytab = kt_id; + arg.keytab = keytab; arg.client = creds->client; - retval = krb5_get_in_tkt(context, options, addrs, kt_ktypes, - pre_auth_types, - keytab_keyproc, (krb5_pointer)&arg, - krb5_kdc_rep_decrypt_proc, 0, creds, - ccache, ret_as_reply); -cleanup: - if (kt_ktypes) - free(kt_ktypes); - if ((keytab == NULL) && (kt_id != NULL)) - krb5_kt_close(context, kt_id); - return retval; + return(krb5_get_in_tkt(context, options, addrs, ktypes, + pre_auth_types, + keytab_keyproc, (krb5_pointer)&arg, + krb5_kdc_rep_decrypt_proc, 0, creds, + ccache, ret_as_reply)); } |
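Review bot: `arg.keytab = keytab;` now forwards a NULL keytab unchanged, where the removed code substituted the result of `krb5_kt_default()` and closed it afterwards, so resolving and releasing the default keytab is left entirely to keytab_keyproc. That function's handling of a NULL `arg->keytab` lies outside these hunks and should be confirmed; if it does resolve the default, a comment such as `/* keytab may be NULL; keytab_keyproc falls back to the default keytab */` above the assignment would record the contract. Separately, with the `realkey->enctype != type` check deleted in the keytab_keyproc hunk and `ktypes` passed through unfiltered here, nothing visible ties the returned key's enctype to the requested one. The ChangeLog justifies this only for equivalent DES enctypes, so that assumption deserves a comment in keytab_keyproc, or an equivalence test in place of the strict comparison. The function's K&R parameter list begins before this hunk.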
