aes256-cts-hmac-sha1-96 and aes128-cts-hmac-sha1-96
should have a higher priority than arcfour-hmac-md5,
otherwise the KDC still gives us arcfour-hmac-md5 session keys.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
krb5_ccache ccdef = NULL;
krb5_auth_context auth_context = NULL;
krb5_enctype enc_types[] = {
- ENCTYPE_ARCFOUR_HMAC,
- ENCTYPE_DES_CBC_MD5,
- ENCTYPE_DES_CBC_CRC,
-#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
- ENCTYPE_AES128_CTS_HMAC_SHA1_96,
-#endif
#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
#endif
+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+#endif
+ ENCTYPE_ARCFOUR_HMAC,
+ ENCTYPE_DES_CBC_MD5,
+ ENCTYPE_DES_CBC_CRC,
ENCTYPE_NULL};
initialize_krb5_error_table();