diff options
author | Robbie Harwood <rharwood@redhat.com> | 2019-05-13 14:19:57 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2019-05-13 21:44:06 -0400 |
commit | a5a140dc85201faf1ba3a687553058354722a1b4 (patch) | |
tree | a5b1b1f698ef08d2211efe0cc1331595176630eb /src/include | |
parent | 0269810b1aec6c554fb746433f045d59fd34ab3a (diff) | |
download | krb5-a5a140dc85201faf1ba3a687553058354722a1b4.zip krb5-a5a140dc85201faf1ba3a687553058354722a1b4.tar.gz krb5-a5a140dc85201faf1ba3a687553058354722a1b4.tar.bz2 |
Remove checksum type profile variables
Remove support for the krb5.conf relations ap_req_checksum_type,
kdc_req_checksum_type, and safe_checksum_type. These values were
useful for interoperating with very old KDCs, which should no longer
be deployed.
Additionally, kdc_req_checksum_type was incorrectly documented as only
applying to single-DES keys; in practice it also worked for RC4. The
other two were not clearly documented, but safe_checksum_type did
allow use of hmac-md5-rc4 for any enctype, and ap_req_checksum_type
did not impose any limitations.
[ghudson@mit.edu: edited commit message]
ticket: 8804 (new)
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/k5-int.h | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/src/include/k5-int.h b/src/include/k5-int.h index f24e92c..7490359 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -181,7 +181,6 @@ typedef unsigned char u_char; #define KRB5_CONF_ACL_FILE "acl_file" #define KRB5_CONF_ADMIN_SERVER "admin_server" #define KRB5_CONF_ALLOW_WEAK_CRYPTO "allow_weak_crypto" -#define KRB5_CONF_AP_REQ_CHECKSUM_TYPE "ap_req_checksum_type" #define KRB5_CONF_AUTH_TO_LOCAL "auth_to_local" #define KRB5_CONF_AUTH_TO_LOCAL_NAMES "auth_to_local_names" #define KRB5_CONF_CANONICALIZE "canonicalize" @@ -240,7 +239,6 @@ typedef unsigned char u_char; #define KRB5_CONF_KDC_LISTEN "kdc_listen" #define KRB5_CONF_KDC_MAX_DGRAM_REPLY_SIZE "kdc_max_dgram_reply_size" #define KRB5_CONF_KDC_PORTS "kdc_ports" -#define KRB5_CONF_KDC_REQ_CHECKSUM_TYPE "kdc_req_checksum_type" #define KRB5_CONF_KDC_TCP_PORTS "kdc_tcp_ports" #define KRB5_CONF_KDC_TCP_LISTEN "kdc_tcp_listen" #define KRB5_CONF_KDC_TCP_LISTEN_BACKLOG "kdc_tcp_listen_backlog" @@ -288,7 +286,6 @@ typedef unsigned char u_char; #define KRB5_CONF_REJECT_BAD_TRANSIT "reject_bad_transit" #define KRB5_CONF_RENEW_LIFETIME "renew_lifetime" #define KRB5_CONF_RESTRICT_ANONYMOUS_TO_TGT "restrict_anonymous_to_tgt" -#define KRB5_CONF_SAFE_CHECKSUM_TYPE "safe_checksum_type" #define KRB5_CONF_SUPPORTED_ENCTYPES "supported_enctypes" #define KRB5_CONF_SPAKE_PREAUTH_INDICATOR "spake_preauth_indicator" #define KRB5_CONF_SPAKE_PREAUTH_KDC_CHALLENGE "spake_preauth_kdc_challenge" @@ -1194,9 +1191,6 @@ struct _krb5_context { void *ser_ctx; /* allowable clock skew */ krb5_deltat clockskew; - krb5_cksumtype kdc_req_sumtype; - krb5_cksumtype default_ap_req_sumtype; - krb5_cksumtype default_safe_sumtype; krb5_flags kdc_default_options; krb5_flags library_options; krb5_boolean profile_secure; |