])
])
+ dnl Version 1.18 removed support for all DES3 enctypes (des3-cbc-raw,
+ dnl des3-hmac-sha1, des3-cbc-sha1-kd).
+ AC_MSG_CHECKING([for DES3 enctype support by krb5])
+ if test $K5VERS -lt 1180; then
+ AC_DEFINE(HAVE_DES3_SUPPORT, 1,
+ [DES3 enctype is supported by krb5])
+ AC_MSG_RESULT([yes])
+ else
+ AC_MSG_RESULT([no])
+ fi
+
dnl If they specified a directory and it didn't work, give them a warning
if test "x$krb5_with" != "x" -a "$krb5_with" != "$KRBDIR"; then
AC_MSG_WARN([
.ke_hash_size = 16,
.ke_conf_size = 8,
},
+#ifdef HAVE_DES3_SUPPORT
[ENCTYPE_DES3_CBC_RAW] = { /* des3-hmac-sha1 */
.ke_dispname = "des3-hmac-sha1",
.ke_enc_name = "cbc(des3_ede)",
.ke_conf_size = 8,
.ke_hash_hmac = 1,
},
+#endif
[ENCTYPE_AES128_CTS_HMAC_SHA1_96] = { /* aes128-cts */
.ke_dispname = "aes128-cts-hmac-sha1-96",
.ke_enc_name = "cbc(aes)",
* structures located in libk5crypto
*/
extern void *krb5int_enc_arcfour;
+#ifdef HAVE_DES3_SUPPORT
extern void *krb5int_enc_des3;
+#endif
extern void *krb5int_enc_aes128;
extern void *krb5int_enc_aes256;
* values and structures located in libk5crypto
*/
switch (in->type) {
+#ifdef HAVE_DES3_SUPPORT
case ENCTYPE_DES3_CBC_SHA1:
#ifdef HAVE_KRB5
case ENCTYPE_DES3_CBC_RAW:
enc = &krb5int_enc_des3;
#endif
break;
+#endif
case ENCTYPE_AES128_CTS_HMAC_SHA1_96:
keylength = 16;
#ifdef HAVE_KRB5
#define KEY_USAGE_SEED_CHECKSUM 0x99
#define K5CLENGTH 5
+#ifdef HAVE_DES3_SUPPORT
extern void krb5_enc_des3;
extern void krb5int_enc_des3;
+#endif
extern void krb5int_enc_arcfour;
extern void krb5int_enc_aes128;
extern void krb5int_enc_aes256;
void *enc;
switch (in->enctype) {
-#ifdef ENCTYPE_DES3_CBC_RAW
+#if defined ENCTYPE_DES3_CBC_RAW && defined HAVE_DES3_SUPPORT
case ENCTYPE_DES3_CBC_RAW:
keylength = 24;
/* Extra hack, the structure was renamed as rc4 was added... */