HCoop / hcoop / debian / libapache-mod-waklog.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Enable weak crypto using secret API for openafs.
[hcoop/debian/libapache-mod-waklog.git] / mod_waklog.c
diff --git a/mod_waklog.c b/mod_waklog.c
index 023028b..bf1becf 100644 (file)
--- a/mod_waklog.c
+++ b/mod_waklog.c
@@ -545,8 +545,12 @@ set_auth ( server_rec *s, request_rec *r, int self, char *principal, char *keyta
       log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "mod_waklog: retrieved data from ccache for %s", k5user);
       
       increds.times.endtime = 0;
-      
+
+      /* Since we're fetching a key for AFS, we have to use single DES
+        and explicitely enable weak crypto using the secret API
+        call */
       increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
+      krb5_allow_weak_crypto (child.kcontext, 1);
       
       if ( ( kerror = krb5_get_credentials (child.kcontext, 0, clientccache, &increds, &v5credsp ) ) ) {
         /* only complain once we've tried both afs@REALM and afs/cell@REALM */
libapache-mod-waklog packaging