From f70d290faea0ed8a9e41553c56eb673bb1d08cb8 Mon Sep 17 00:00:00 2001
From: Tom Yu <tlyu@mit.edu>
Date: Sat, 31 Jan 2009 03:57:20 +0000
Subject: Default allow_weak_crypto=true for now.  Default supported_enctypes
 to exclude single-DES enctypes.

ticket: 6353
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21851 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/include/osconf.hin | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src/include')

diff --git a/src/include/osconf.hin b/src/include/osconf.hin
index 6feb22338..339e4b228 100644
--- a/src/include/osconf.hin
+++ b/src/include/osconf.hin
@@ -101,6 +101,11 @@
 #define DEFAULT_KADM5_ACL_FILE	"@LOCALSTATEDIR/krb5kdc/kadm5.acl"
 #define DEFAULT_KADM5_PORT	749 /* assigned by IANA */
 
+#define KRB5_DEFAULT_SUPPORTED_ENCTYPES			\
+	"aes256-cts-hmac-sha1-96:normal "		\
+	"aes128-cts-hmac-sha1-96:normal "		\
+	"des3-cbc-sha1:normal arcfour-hmac-md5:normal"
+
 #define MAX_DGRAM_SIZE	4096
 #define MAX_SKDC_TIMEOUT 30
 #define SKDC_TIMEOUT_SHIFT 2		/* left shift of timeout for backoff */
-- 
cgit