]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
projects / thirdparty / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0be5505)
s3:libads: prefer ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ads_keytab_add_entry()
authorStefan Metzmacher <metze@samba.org>
Fri, 29 Nov 2019 12:48:24 +0000 (13:48 +0100)
committerStefan Metzmacher <metze@samba.org>
Mon, 10 Feb 2020 16:32:37 +0000 (16:32 +0000)
This is currently not critical as we only use keytabs
only as acceptor, but in future we'll also use them
for kinit() and there we should prefer the newest type.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
source3/libads/kerberos_keytab.c patch | blob | blame | history

diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 7d193e1a6000448d09376229877ee22c6f215b10..bc35d5edbe4dfbde714b697d8ef6ed6f5d6a2a39 100644 (file)
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -240,11 +240,11 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc, bool update_ads)
        krb5_data password;
        krb5_kvno kvno;
         krb5_enctype enctypes[6] = {
-#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
-               ENCTYPE_AES128_CTS_HMAC_SHA1_96,
-#endif
 #ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
                ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+#endif
+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+               ENCTYPE_AES128_CTS_HMAC_SHA1_96,
 #endif
                ENCTYPE_ARCFOUR_HMAC,
                0
Mirror of https://github.com/samba-team/samba.git