diff options
author | Stefan Metzmacher <metze@samba.org> | 2012-10-22 13:47:48 +0200 |
---|---|---|
committer | Michael Adam <obnox@samba.org> | 2012-11-01 16:24:28 +0100 |
commit | 24f3f87706329e6e280dc6be6d025e997d46c910 (patch) | |
tree | 46f61bc5a74fee4235ad1cc4187428c3d8306596 | |
parent | f853c1792967332c4aff52c0fb35f653f614f86d (diff) | |
download | samba-24f3f87706329e6e280dc6be6d025e997d46c910.tar.gz samba-24f3f87706329e6e280dc6be6d025e997d46c910.tar.bz2 samba-24f3f87706329e6e280dc6be6d025e997d46c910.zip |
lib/krb5_wrap: request enc_types in the correct order (bug #9272)
aes256-cts-hmac-sha1-96 and aes128-cts-hmac-sha1-96
should have a higher priority than arcfour-hmac-md5,
otherwise the KDC still gives us arcfour-hmac-md5 session keys.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r-- | lib/krb5_wrap/krb5_samba.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c index 8037337d6e..f04f6e1837 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c @@ -685,15 +685,15 @@ int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx, krb5_ccache ccdef = NULL; krb5_auth_context auth_context = NULL; krb5_enctype enc_types[] = { - ENCTYPE_ARCFOUR_HMAC, - ENCTYPE_DES_CBC_MD5, - ENCTYPE_DES_CBC_CRC, -#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 - ENCTYPE_AES128_CTS_HMAC_SHA1_96, -#endif #ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96 ENCTYPE_AES256_CTS_HMAC_SHA1_96, #endif +#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 + ENCTYPE_AES128_CTS_HMAC_SHA1_96, +#endif + ENCTYPE_ARCFOUR_HMAC, + ENCTYPE_DES_CBC_MD5, + ENCTYPE_DES_CBC_CRC, ENCTYPE_NULL}; initialize_krb5_error_table(); |