diff options
author | Sam Hartman <hartmans@mit.edu> | 2009-04-03 03:33:01 +0000 |
---|---|---|
committer | Sam Hartman <hartmans@mit.edu> | 2009-04-03 03:33:01 +0000 |
commit | 6d48a7deaeed3dcb5dce55d8e9730c47512a904e (patch) | |
tree | 5bcc45ebabcfab7ec0993fb33f79f9093a983061 /src/appl | |
parent | d44144bc3c86cd2e0b9dbe74f0241905201ddd23 (diff) | |
download | krb5-6d48a7deaeed3dcb5dce55d8e9730c47512a904e.zip krb5-6d48a7deaeed3dcb5dce55d8e9730c47512a904e.tar.gz krb5-6d48a7deaeed3dcb5dce55d8e9730c47512a904e.tar.bz2 |
Unfortunately, pre-1.7 krshd fails to support keyed checksums because
it uses the wrong API and wrong key usage. So, if the auth_context
has an explicit checksum type set, then respect that. kcmd sets such
a checksum type. Also, because other applications may have the same
problem, allow the config file variable if set to override the default
checksum.
* kcmd.c: Force use of rsa_md5
* init_ctx.c: do not default to md5
* mk_req_ext.c: allow auth_context to override
ticket: 1624
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22160 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/appl')
-rw-r--r-- | src/appl/bsd/kcmd.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c index c4212b3..1990569 100644 --- a/src/appl/bsd/kcmd.c +++ b/src/appl/bsd/kcmd.c @@ -473,6 +473,8 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, if (krb5_auth_con_init(bsd_context, &auth_context)) goto bad2; + if (krb5_auth_con_set_req_cksumtype(bsd_context, auth_context, CKSUMTYPE_RSA_MD5) !=0 ) + goto bad2; if (krb5_auth_con_setflags(bsd_context, auth_context, KRB5_AUTH_CONTEXT_RET_TIME)) goto bad2; |