Add Camellia enctypes to default enctype lists

Add camellia256-cts-cmas and camellia128-cts-cmac to the default
permitted_enctypes, default_tkt_enctypes, and default_tgs_enctypes
lists, to simplify deployment of Camellia.  The new enctypes still
aren't on supported_enctypes, so won't be in the set of long-term keys
for principals without administrator intervention.

ticket: 7446 (new)
target_version: 1.11
tags: pullup

diff --git a/doc/conf.py b/doc/conf.py
index f441f7ec4476af5d13df3e62b62c713417f50667..2ad76fd96ed232e41b319dedd908c9fd06132ba6 100644 (file)
--- a/doc/conf.py
+++ b/doc/conf.py
@@ -267,7 +267,7 @@ else:
     rst_epilog += '''
 .. |krb5conf| replace:: ``/etc/krb5.conf``
 .. |defkeysalts| replace:: ``aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal des3-cbc-sha1:normal arcfour-hmac-md5:normal``
-.. |defetypes| replace:: ``aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des-cbc-md4``
+.. |defetypes| replace:: ``aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4``
 .. |defmkey| replace:: ``aes256-cts-hmac-sha1-96``
 .. |copy| unicode:: U+000A9
 '''

diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
index aa793fc8f30ac92102ecc3f4cb70f2fbcee1813f..6054b2056e3d37a3f4501f5f9aee1c59b3bb4ece 100644 (file)
--- a/src/lib/krb5/krb/init_ctx.c
+++ b/src/lib/krb5/krb/init_ctx.c
@@ -63,6 +63,7 @@ static krb5_enctype default_enctype_list[] = {
     ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96,
     ENCTYPE_DES3_CBC_SHA1,
     ENCTYPE_ARCFOUR_HMAC,
+    ENCTYPE_CAMELLIA128_CTS_CMAC, ENCTYPE_CAMELLIA256_CTS_CMAC,
     ENCTYPE_DES_CBC_CRC, ENCTYPE_DES_CBC_MD5, ENCTYPE_DES_CBC_MD4,
     0
 };