diff options
author | Michael Weiser <weiser@science-computing.de> | 2012-04-16 06:49:21 -0400 |
---|---|---|
committer | Steve Dickson <steved@redhat.com> | 2012-04-16 06:49:21 -0400 |
commit | 16f151834e63d8df9f852b7e265f17c689553c35 (patch) | |
tree | 18ed95985e59d24af4f4db7478261bb4ae3b2bcf /utils/gssd/krb5_util.c | |
parent | 880e2efecb4469573a5c2e89aee4963f29288f88 (diff) | |
download | nfs-utils-16f151834e63d8df9f852b7e265f17c689553c35.tar.gz nfs-utils-16f151834e63d8df9f852b7e265f17c689553c35.tar.xz nfs-utils-16f151834e63d8df9f852b7e265f17c689553c35.zip |
Add -l option to gssd to force legacy behaviour
Implement a new option -l to force gssd to ignore its kernel's crypto
capabilities and use just the Single DES legacy encryption types to be
compatible with old servers. This is only relevant if those servers have
strong keys in their keytab.
Signed-off-by: Steve Dickson <steved@redhat.com>
Tested-by: Michael Weiser <weiser@science-computing.de>
Diffstat (limited to 'utils/gssd/krb5_util.c')
-rw-r--r-- | utils/gssd/krb5_util.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c index 4b13fa1..887d118 100644 --- a/utils/gssd/krb5_util.c +++ b/utils/gssd/krb5_util.c @@ -129,6 +129,10 @@ /* Global list of principals/cache file names for machine credentials */ struct gssd_k5_kt_princ *gssd_k5_kt_princ_list = NULL; +#ifdef HAVE_SET_ALLOWABLE_ENCTYPES +int limit_to_legacy_enctypes = 0; +#endif + /*==========================*/ /*=== Internal routines ===*/ /*==========================*/ @@ -1342,7 +1346,7 @@ limit_krb5_enctypes(struct rpc_gss_sec *sec) * If we failed for any reason to produce global * list of supported enctypes, use local default here. */ - if (krb5_enctypes == NULL) + if (krb5_enctypes == NULL || limit_to_legacy_enctypes) maj_stat = gss_set_allowable_enctypes(&min_stat, credh, &krb5oid, num_enctypes, enctypes); else |