In KDC, assume all services support aes256-sha1

To facilitate negotiating session keys with acceptable security, assume that services support aes256-cts-hmac-sha1 unless a session_enctypes string attribute says otherwise. ticket: 9075
author: Greg Hudson <ghudson@mit.edu> 2022-12-14 13:20:46 -0500
committer: Greg Hudson <ghudson@mit.edu> 2023-01-23 18:41:09 -0500
commit: 2cbd847e0e92bc4e219b65c770ae33f851b22afc (patch)
tree: 6e87d90dbd0cd9d50d2499223ef88ff29c5bb22e /src/tests/t_keyrollover.py
parent: fc922496edbc73cd47b812c92c61b2544d317198 (diff)
download: krb5-2cbd847e0e92bc4e219b65c770ae33f851b22afc.zip
krb5-2cbd847e0e92bc4e219b65c770ae33f851b22afc.tar.gz
krb5-2cbd847e0e92bc4e219b65c770ae33f851b22afc.tar.bz2
1 files changed, 3 insertions, 3 deletions
diff --git a/src/tests/t_keyrollover.py b/src/tests/t_keyrollover.py
index 2c825a6..e9840df 100755
--- a/src/tests/t_keyrollover.py
+++ b/src/tests/t_keyrollover.py
@@ -22,9 +22,9 @@ realm.run([kvno, princ1])
 realm.run([kadminl, 'purgekeys', realm.krbtgt_princ])
 # Make sure an old TGT fails after purging old TGS key.
 realm.run([kvno, princ2], expected_code=1)
-et = "aes128-cts-hmac-sha256-128"
-msg = 'krbtgt/%s@%s\n\tEtype (skey, tkt): %s, %s' % \
-    (realm.realm, realm.realm, et, et)
+msg = 'krbtgt/%s@%s\n\tEtype (skey, tkt): ' \
+    'aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha256-128' % \
+    (realm.realm, realm.realm)
 realm.run([klist, '-e'], expected_msg=msg)
 
 # Check that new key actually works.
author	Greg Hudson <ghudson@mit.edu>	2022-12-14 13:20:46 -0500
committer	Greg Hudson <ghudson@mit.edu>	2023-01-23 18:41:09 -0500
commit	2cbd847e0e92bc4e219b65c770ae33f851b22afc (patch)
tree	6e87d90dbd0cd9d50d2499223ef88ff29c5bb22e /src/tests/t_keyrollover.py
parent	fc922496edbc73cd47b812c92c61b2544d317198 (diff)
download	krb5-2cbd847e0e92bc4e219b65c770ae33f851b22afc.zip krb5-2cbd847e0e92bc4e219b65c770ae33f851b22afc.tar.gz krb5-2cbd847e0e92bc4e219b65c770ae33f851b22afc.tar.bz2