Sam Hartman <hartm...@debian.org> writes:

> In 1.8, MIT Kerberos added support for the default tag for enctype
> configuration. So you can do something like
> default_tgs_enctypes = default -des-cbc-crc

> I think we should use this style in the commented out entries in
> krb5.conf. This would of course mean that krb5-config would break
> libkrb53, although that's probably just fine. Depending on how we
> resolve the bugs against krb5, we may want to delay pushing a change
> here until after squeeze.

I'd like to propose instead that we just delete this commented-out enctype
section. I've not encountered software with this bug in an extremely long
time, certainly not with any software that's still in or supported by
Debian, even in non-free.

I'd rather not see the example use the above syntax, since I don't think
Heimdal supports it.

For reference, here's the section under discussion:

    # The following encryption type specification will be used by MIT Kerberos
    # if uncommented. In general, the defaults in the MIT Kerberos code are
    # correct and overriding these specifications only serves to disable new
    # encryption types as they are added, creating interoperability problems.
    #
    # The only time when you might need to uncomment these lines and change
    # the enctypes is if you have local software that will break on ticket
    # caches containing ticket encryption types it doesn't know about (such as
    # old versions of Sun Java).

    # default_tgs_enctypes = des3-hmac-sha1
    # default_tkt_enctypes = des3-hmac-sha1
    # permitted_enctypes = des3-hmac-sha1

-- 
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>
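
An added example, not part of the original message or of the krb5-config package: a small Python check for the situation the quoted comment block warns about, reporting which enctype settings in `[libdefaults]` are active and whether each is a fixed list or is written relative to the `default` tag. The sample configuration and the function name `audit_enctypes` are constructed for illustration; matching the tag case-insensitively is an assumption.

```python
import re

ENCTYPE_KEYS = ("default_tgs_enctypes", "default_tkt_enctypes", "permitted_enctypes")

# Constructed sample krb5.conf, not taken from any real host.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.ORG
    # default_tgs_enctypes = des3-hmac-sha1
    default_tkt_enctypes = des3-hmac-sha1
    permitted_enctypes = default -des-cbc-crc

[realms]
    EXAMPLE.ORG = {
        kdc = kdc.example.org
    }
"""

def audit_enctypes(text):
    """Return {key: (kind, tokens)} for active enctype settings in [libdefaults].

    kind is "relative" when the list starts with the default tag (enctypes
    added to the library later stay enabled) and "pinned" for a fixed list.
    """
    findings = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # commented-out entries are inactive
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section = m.group(1)
            continue
        if section != "libdefaults" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in ENCTYPE_KEYS:
            tokens = re.split(r"[\s,]+", value)
            kind = "relative" if tokens[0].lower() == "default" else "pinned"
            findings[key] = (kind, tokens)
    return findings

if __name__ == "__main__":
    for key, (kind, tokens) in audit_enctypes(SAMPLE).items():
        note = "hides enctypes added later" if kind == "pinned" else "tracks library defaults"
        print(f"{key}: {kind} ({note}): {' '.join(tokens)}")
```
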