s3:passdb: ENCTYPE_DES_CBC_MD5 is not longer used in secrets_domain_info_kerberos_keys()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Sep 30 17:03:55 UTC 2024 on atb-devel-224

diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c
index 215713490042c2eb1d436be0ec8456b51379d802..0679535f0262d3d86ace48c02cde46868d32c6dd 100644 (file)
--- a/source3/passdb/machine_account_secrets.c
+++ b/source3/passdb/machine_account_secrets.c
@@ -1037,7 +1037,7 @@ static int secrets_domain_info_kerberos_keys(struct secrets_domain_info1_passwor
        bool ok;
 #endif /* HAVE_ADS */
        DATA_BLOB arc4_b = data_blob_null;
-       const uint16_t max_keys = 4;
+       const uint16_t max_keys = 3;
        struct secrets_domain_info1_kerberos_key *keys = NULL;
        uint16_t idx = 0;
        char *salt_data = NULL;
@@ -1047,10 +1047,10 @@ static int secrets_domain_info_kerberos_keys(struct secrets_domain_info1_passwor
         * ENCTYPE_AES256_CTS_HMAC_SHA1_96
         * ENCTYPE_AES128_CTS_HMAC_SHA1_96
         * ENCTYPE_ARCFOUR_HMAC
-        * ENCTYPE_DES_CBC_MD5
         *
         * We don't include ENCTYPE_DES_CBC_CRC
-        * as W2008R2 also doesn't store it anymore.
+        * and ENCTYPE_DES_CBC_MD5
+        * as they are no longer supported.
         *
         * Note we store all enctypes we support,
         * including the weak encryption types,