From ad7bb0311c41449921ab82fdcfb8545e801f6429 Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@cryptonector.com>
Date: Fri, 25 Nov 2011 17:21:04 -0600
Subject: [PATCH] Rename and fix as/tgs-use-strongest-key config parameters

    Different ticket session key enctype selection options should
    distinguish between target principal type (krbtgt vs. not), not
    between KDC request types.
---
 kdc/krb5tgs.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c
index 6da27dde2..a024efa2e 100644
--- a/kdc/krb5tgs.c
+++ b/kdc/krb5tgs.c
@@ -1699,7 +1699,9 @@ server_lookup:
 	    Key *skey;
 
 	    ret = _kdc_find_etype(context,
-				  config->tgs_use_strongest_session_key, FALSE,
+				  krb5_principal_is_krbtgt(context, sp) ?
+				  config->tgt_use_strongest_session_key :
+				  config->svc_use_strongest_session_key, FALSE,
 				  server, b->etype.val, b->etype.len, &etype,
 				  NULL);
 	    if(ret) {
-- 
2.11.4.GIT