From ffdd0a86ac9cb5fbee67d27958b65872873a009b Mon Sep 17 00:00:00 2001
From: =?utf8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Tue, 13 Nov 2012 16:23:52 +0100
Subject: [PATCH] s3-kerberos: also try with AES keys, when decrypting tickets.

Guenther

The last 3 patches address bug #9272 - net ads join does not provide AES keys
in host keytab.
---
 source3/libads/kerberos_verify.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index d4c68cd0b09..56daf8fb3c9 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -344,6 +344,12 @@ static krb5_error_code ads_secrets_verify_ticket(krb5_context context,
 	/* Let's make some room for 2 password (old and new)*/
 	krb5_data passwords[2];
 	krb5_enctype enctypes[] = {
+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
+		ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+#endif
+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+		ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+#endif
 		ENCTYPE_ARCFOUR_HMAC,
 		ENCTYPE_DES_CBC_CRC,
 		ENCTYPE_DES_CBC_MD5,
-- 
2.11.4.GIT