git.ipfire.org Git - thirdparty/krb5.git/commit

author	Robbie Harwood <rharwood@redhat.com>
	Mon, 13 May 2019 18:19:57 +0000 (14:19 -0400)
committer	Greg Hudson <ghudson@mit.edu>
	Tue, 14 May 2019 01:44:06 +0000 (21:44 -0400)
commit	a5a140dc85201faf1ba3a687553058354722a1b4
tree	a5b1b1f698ef08d2211efe0cc1331595176630eb	tree
parent	0269810b1aec6c554fb746433f045d59fd34ab3a	commit \| diff

Remove checksum type profile variables

Remove support for the krb5.conf relations ap_req_checksum_type,
kdc_req_checksum_type, and safe_checksum_type. These values were
useful for interoperating with very old KDCs, which should no longer
be deployed.

Additionally, kdc_req_checksum_type was incorrectly documented as only
applying to single-DES keys; in practice it also worked for RC4. The
other two were not clearly documented, but safe_checksum_type did
allow use of hmac-md5-rc4 for any enctype, and ap_req_checksum_type
did not impose any limitations.

[ghudson@mit.edu: edited commit message]

ticket: 8804 (new)

doc/admin/conf_files/krb5_conf.rst		diff \| blob \| blame \| history
src/include/k5-int.h		diff \| blob \| blame \| history
src/lib/krb5/krb/auth_con.c		diff \| blob \| blame \| history
src/lib/krb5/krb/init_ctx.c		diff \| blob \| blame \| history
src/lib/krb5/krb/send_tgs.c		diff \| blob \| blame \| history
src/lib/krb5/krb/ser_ctx.c		diff \| blob \| blame \| history
src/lib/krb5/krb/t_copy_context.c		diff \| blob \| blame \| history
src/man/krb5.conf.man		diff \| blob \| blame \| history