I think gss_krb5int_set_allowable_enctypes() should filter out invalid enctypes, and only fail if no enctypes remain after filtering. The current logic would also fail if the kernel supported an enctype which libkrb5 did not (e.g. if the kernel gained support for the aes-sha2 enctypes, and someone upgraded to a new kernel on a system with krb5-1.14 or previous).
- Bug#932000: libgssapi-krb5-2: gss_krb5int_set_allowable_enc... urmel
- Bug#932000: libgssapi-krb5-2: gss_krb5int_set_allowabl... Sam Hartman
- Bug#932000: libgssapi-krb5-2: gss_krb5int_set_allo... Greg Hudson
- Bug#932000: In testing Greg Hudson
- Bug#932000: In testing Felix Lechner
- Bug#932000: In testing Benjamin Kaduk
- Bug#932000: In testing Felix Lechner
