From: Stefan Metzmacher Date: Fri, 29 Nov 2019 12:48:24 +0000 (+0100) Subject: s3:libads: prefer ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ads_keytab_add_entry() X-Git-Tag: ldb-2.1.1~111 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=240e5cf325b2a07fcdbd9ad37d5a499a2defc100;p=thirdparty%2Fsamba.git s3:libads: prefer ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ads_keytab_add_entry() This is currently not critical as we only use keytabs only as acceptor, but in future we'll also use them for kinit() and there we should prefer the newest type. Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c index 7d193e1a600..bc35d5edbe4 100644 --- a/source3/libads/kerberos_keytab.c +++ b/source3/libads/kerberos_keytab.c @@ -240,11 +240,11 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc, bool update_ads) krb5_data password; krb5_kvno kvno; krb5_enctype enctypes[6] = { -#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 - ENCTYPE_AES128_CTS_HMAC_SHA1_96, -#endif #ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96 ENCTYPE_AES256_CTS_HMAC_SHA1_96, +#endif +#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 + ENCTYPE_AES128_CTS_HMAC_SHA1_96, #endif ENCTYPE_ARCFOUR_HMAC, 0