permit use of non-des session keys now

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11976 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 9 insertions, 26 deletions

diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog
index 053fdf3..927b71f 100644
--- a/src/kdc/ChangeLog
+++ b/src/kdc/ChangeLog
@@ -1,3 +1,9 @@
+2000-01-27  Ken Raeburn  <raeburn@mit.edu>
+
+	* kdc_util.c (select_session_keytype): Revert 1999-09-01 changes;
+	now always use any requested type indicated as supported by the db
+	entry.
+
 1999-10-29  Ken Raeburn  <raeburn@mit.edu>
 
 	* dispatch.c (dispatch): Make message in lookaside case less
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index 30f7338..a988b28 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -1398,33 +1398,10 @@ select_session_keytype(context, server, nktypes, ktype)
 	if (!valid_enctype(ktype[i]))
 	    continue;
 
-	if (dbentry_supports_enctype(context, server, ktype[i])) {
-	    switch (ktype[i]) {
-	    case ENCTYPE_NULL:
-	    case ENCTYPE_DES_CBC_CRC:
-	    case ENCTYPE_DES_CBC_MD4:
-	    case ENCTYPE_DES_CBC_MD5:
-	    case ENCTYPE_DES_CBC_RAW:
-	    case ENCTYPE_DES_HMAC_SHA1:
-		return ktype[i];
-
-	    default:
-		/* For now, too much of our code supports only
-		   single-DES.  For example, the GSSAPI Kerberos
-		   mechanism needs to be modified.  If someone tries
-		   using other key types, force single-DES for the
-		   session key.
-
-		   This weird way of setting it here is so that a
-		   requested single-DES enctype listed after DES3 can
-		   be used, and this fallback enctype will be used
-		   only if *no* single-DES enctypes were requested.  */
-		dfl = ENCTYPE_DES_CBC_CRC;
-		break;
-	    }
-	}
+	if (dbentry_supports_enctype(context, server, ktype[i]))
+	    return ktype[i];
     }
-    return dfl;
+    return 0;
 }
 
 /*