diff options
author | Trond Myklebust <Trond.Myklebust@netapp.com> | 2010-04-08 14:09:58 -0400 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2010-05-14 15:09:17 -0400 |
commit | 683ac6656cb05b6e83593770ffc049eee4a4d119 (patch) | |
tree | 531c849ad7b20ade79e69c8daa446d99722958ae /net/sunrpc/auth_gss/gss_krb5_mech.c | |
parent | 47d84807762966c3611c38adecec6ea703ddda7a (diff) |
gss_krb5: Add upcall info indicating supported kerberos enctypes
The text based upcall now indicates which Kerberos encryption types are
supported by the kernel rpcsecgss code. This is used by gssd to
determine which encryption types it should attempt to negotiate
when creating a context with a server.
The server principal's database and keytab encryption types are
what limits what it should negotiate. Therefore, its keytab
should be created with only the enctypes listed by this file.
Currently we support des-cbc-crc, des-cbc-md4 and des-cbc-md5
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net/sunrpc/auth_gss/gss_krb5_mech.c')
-rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_mech.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c index 8b612e73356..03f1dcddbd2 100644 --- a/net/sunrpc/auth_gss/gss_krb5_mech.c +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c @@ -552,6 +552,7 @@ static struct gss_api_mech gss_kerberos_mech = { .gm_ops = &gss_kerberos_ops, .gm_pf_num = ARRAY_SIZE(gss_kerberos_pfs), .gm_pfs = gss_kerberos_pfs, + .gm_upcall_enctypes = "enctypes=3,1,2 ", }; static int __init init_kerberos_module(void) |