author | Greg Hudson <ghudson@mit.edu> | 2009-07-29 16:10:32 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2009-07-29 16:10:32 +0000 |
commit | d71bb0ac2c2f24486971aca60efe0b5d7e878c30 (patch) | |
tree | a8222af86306199b03c2656f40baaf47bbc85094 /doc | |
parent | 0479bee230a5fb18a7b1333dcf2678250241438f (diff) | |
Enctype list configuration enhancements
In the processing code for enctype lists, add support for "DEFAULT"
to indicate the default list, for families (des/des3/aes/rc4), and
for removing entries from the current list (-foo). Also add unit
tests and document.
ticket: 6539
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22469 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'doc')
-rw-r--r-- | doc/admin.texinfo | 9 | ||||
-rw-r--r-- | doc/support-enc.texinfo | 13 |
2 files changed, 20 insertions, 2 deletions
diff --git a/doc/admin.texinfo b/doc/admin.texinfo index f5d5e61..9af5f6b 100644 --- a/doc/admin.texinfo +++ b/doc/admin.texinfo @@ -360,6 +360,15 @@ but not recommended for use. @include support-enc.texinfo +The string DEFAULT can be used to refer to the default set of types for +the variable in question. Types or families can be removed from the +current list by prefixing them with a minus sign (``-''). Types or +families can be prefixed with a plus sign (``+'') for symmetry; it has +the same meaning as just listing the type or family. For example, +``DEFAULT -des'' would be the default set of encryption types with DES +types removed, and ``des3 DEFAULT'' would be the default set of +encryption types with triple DES types moved to the front. + While aes128-cts and aes256-cts are supported for all Kerberos operations, they are not supported by older versions of our GSSAPI implementation (krb5-1.3.1 and earlier). diff --git a/doc/support-enc.texinfo b/doc/support-enc.texinfo index c359db6..693f273 100644 --- a/doc/support-enc.texinfo +++ b/doc/support-enc.texinfo @@ -1,6 +1,7 @@ @ignore -the information in this file should be consistent with the information -in krb5/src/lib/crypto/etypes.c (and krb5/src/include/krb5.h[in]?) +The information in this file should be consistent with the information +in krb5/src/lib/crypto/etypes.c and the family processing code in +krb5/src/lib/krb5/krb/init_ctx.c (krb5int_parse_enctype_list). @end ignore @table @code @@ -34,4 +35,12 @@ RC4 with HMAC/MD5 @itemx rc4-hmac-exp @itemx arcfour-hmac-md5-exp Exportable RC4 with HMAC/MD5 (weak) +@item des +The DES family: des-cbc-crc, des-cbc-md5, and des-cbc-md4 (weak) +@item des3 +The triple DES family: des3-cbc-sha1 +@item aes +The AES family: aes256-cts-hmac-sha1-96 and aes128-cts-hmac-sha1-96 +@item rc4 +The RC4 family: arcfour-hmac @end table |
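Review bot: In the doc/admin.texinfo hunk, the new paragraph never states that the list is processed left to right, although both "removed from the current list" and the ``des3 DEFAULT'' example depend on it. An administrator could write ``-des DEFAULT'' expecting DES to be disabled; if removal only affects entries already in the list at that point, DEFAULT would bring the DES types back. Suggest adding one sentence that gives the processing order and says a type named more than once keeps its first position, and including ``-des DEFAULT'' as a counter-example. DEFAULT could also be marked up with @code, matching the type names in the included table.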
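Review bot: In the first doc/support-enc.texinfo hunk (the @ignore comment), the pointer to krb5/src/include/krb5.h[in] is dropped and the commit message does not say why. If the header is no longer a source for the names in this table, the change is fine as it stands; otherwise keep it next to the new init_ctx.c (krb5int_parse_enctype_list) reference so all places that must stay in sync are listed.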
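Review bot: In the second doc/support-enc.texinfo hunk, the rc4 family entry lists only arcfour-hmac, while the context lines just above it document rc4-hmac-exp and arcfour-hmac-md5-exp as weak, so a reader cannot tell whether ``-rc4'' also removes the exportable type. Suggest saying explicitly whether the exportable variant belongs to the family. The trailing "(weak)" on the des entry is ambiguous as well, since it can be read as applying to des-cbc-md4 alone; "The DES family (weak): ..." would remove the doubt.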