summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/appl/bsd/kcmd.c2
-rw-r--r--src/config-files/krb5.conf.M2
-rw-r--r--src/lib/krb5/krb/init_ctx.c2
-rw-r--r--src/lib/krb5/krb/mk_req_ext.c2
4 files changed, 6 insertions, 2 deletions
diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c
index c4212b302..199056944 100644
--- a/src/appl/bsd/kcmd.c
+++ b/src/appl/bsd/kcmd.c
@@ -473,6 +473,8 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
if (krb5_auth_con_init(bsd_context, &auth_context))
goto bad2;
+ if (krb5_auth_con_set_req_cksumtype(bsd_context, auth_context, CKSUMTYPE_RSA_MD5) !=0 )
+ goto bad2;
if (krb5_auth_con_setflags(bsd_context, auth_context,
KRB5_AUTH_CONTEXT_RET_TIME))
goto bad2;
diff --git a/src/config-files/krb5.conf.M b/src/config-files/krb5.conf.M
index 10b1792e8..2f2fbb239 100644
--- a/src/config-files/krb5.conf.M
+++ b/src/config-files/krb5.conf.M
@@ -147,7 +147,7 @@ earlier. This value is only used for DES keys; other keys use the
preferred checksum type for those keys.
.IP ap_req_checksum_type
-This obsolete variable is not used.
+If set this variable controls what ap-req checksum will be used in authenticators. This variable should be unset so the appropriate checksum for the encryption key in use will be used. This can be set if backward compatibility requires a specific checksum type.
.IP safe_checksum_type
This allows you to set the preferred keyed-checksum type for use in KRB_SAFE
diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
index 7e0159aa2..67dad8cb2 100644
--- a/src/lib/krb5/krb/init_ctx.c
+++ b/src/lib/krb5/krb/init_ctx.c
@@ -208,7 +208,7 @@ init_common (krb5_context *context, krb5_boolean secure, krb5_boolean kdc)
ctx->kdc_req_sumtype = tmp;
profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
- KRB5_CONF_AP_REQ_CHECKSUM_TYPE, 0, CKSUMTYPE_RSA_MD5,
+ KRB5_CONF_AP_REQ_CHECKSUM_TYPE, 0, 0,
&tmp);
ctx->default_ap_req_sumtype = tmp;
diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c
index 3f12763fd..64eafe362 100644
--- a/src/lib/krb5/krb/mk_req_ext.c
+++ b/src/lib/krb5/krb/mk_req_ext.c
@@ -210,6 +210,8 @@ krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context,
&cksumtype);
if (retval)
goto cleanup_cksum;
+ if ((*auth_context)->req_cksumtype)
+ cksumtype = (*auth_context)->req_cksumtype;
if ((retval = krb5_c_make_checksum(context,
cksumtype,
(*auth_context)->keyblock,
generated by cgit (git 2.34.1) at 2026-01-08 12:51:51 +0000