The discussion was via private email. In short, the existing code's call to krb5_set_default_in_tkt_etypes() with a second argument that may be NULL is a sneaky way of avoiding the situation where using a restricted credential will restrict all credentials in the current thread. It fixes one bit of undesirable behaviour in a way that causes different undesirable behaviour.
Upstream believes that the current behaviour (not over-restricting credentials in a thread) is more desirable than not throwing away the list of configured enctypes, but agrees that both problems need to be solved the right way, simultaneously. So we're kind of stuck until one of us gets around to creating a better patch. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/849349 Title: libgssapi2-heimdal init_auth() discards configured enctypes To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/849349/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
