log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: retrieved data from ccache for %s", k5user);
increds.times.endtime = 0;
-
+
+ /* Since we're fetching a key for AFS, we have to use single DES
+ and explicitely enable weak crypto using the secret API
+ call */
increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
+ krb5_allow_weak_crypto (child.kcontext, 1);
if ( ( kerror = krb5_get_credentials (child.kcontext, 0, clientccache, &increds, &v5credsp ) ) ) {
/* only complain once we've tried both afs@REALM and afs/cell@REALM */