authorRuss Allbery <rra@stanford.edu>2010-02-09 13:41:11 -0800
committerRuss Allbery <rra@stanford.edu>2010-02-09 13:41:11 -0800
commitcbdc17af5f7a772188638f0057fffd357acbbd38 (patch)
treef91b008d523ad9f5cc31ebd632b8e2a1d8d40974
parent2d33440272200cad20a5a4c58e5d8aa0dfad9a1f (diff)
Use the long enctype name for aes256-cts-hmac-sha1-96
Heimdal requires the full name and doesn't support the short name that MIT has as an alias. Change the documentation to use the long name uniformly.
-rw-r--r--client/wallet.pod6
-rw-r--r--perl/Wallet/Kadmin.pm2
-rw-r--r--perl/Wallet/Kadmin/Heimdal.pm16
-rw-r--r--perl/Wallet/Kadmin/MIT.pm14
-rwxr-xr-xserver/wallet-backend6
5 files changed, 23 insertions, 21 deletions
diff --git a/client/wallet.pod b/client/wallet.pod
index 6451e72..9908bb1 100644
--- a/client/wallet.pod
+++ b/client/wallet.pod
@@ -374,9 +374,9 @@ Keytab objects support the following attributes:
Restricts the generated keytab to a specific set of encryption types. The
values of this attribute must be enctype strings recognized by Kerberos
-(strings like C<aes256-cts> or C<des-cbc-crc>). Note that the salt should
-not be included; since the salt is irrelevant for keytab keys, it will
-always be set to C<normal> by the wallet.
+(strings like C<aes256-cts-hmac-sha1-96> or C<des-cbc-crc>). Note that
+the salt should not be included; since the salt is irrelevant for keytab
+keys, it will always be set to C<normal> by the wallet.
If this attribute is set, the specified enctype list will be passed to ktadd
when get() is called for that keytab. If it is not set, the default set in
diff --git a/perl/Wallet/Kadmin.pm b/perl/Wallet/Kadmin.pm
index 5c01ee3..65ddf4b 100644
--- a/perl/Wallet/Kadmin.pm
+++ b/perl/Wallet/Kadmin.pm
@@ -63,7 +63,7 @@ Wallet::Kadmin - Kadmin module wrapper for wallet keytabs
my $kadmin = Wallet::Kadmin->new ();
$kadmin->addprinc ("host/shell.example.com");
- $kadmin->ktadd ("host/shell.example.com", "aes256-cts");
+ $kadmin->ktadd ("host/shell.example.com", "aes256-cts-hmac-sha1-96");
my $exists = $kadmin->exists ("host/oldshell.example.com");
$kadmin->delprinc ("host/oldshell.example.com") if $exists;
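Review bot: The SYNOPSIS call to ktadd on the changed line passes the enctype as the second argument, but the ktadd entries documented for Heimdal.pm and MIT.pm in this same commit give the signature as `ktadd(PRINCIPAL, FILE, ENCTYPES)`, so a reader copying the example would put the enctype string in the FILE position. If that signature also applies here (Kadmin.pm's own method list is outside the hunk), the example should carry a keytab path, e.g. `$kadmin->ktadd ("host/shell.example.com", $keytab_file, "aes256-cts-hmac-sha1-96");`, where `$keytab_file` is a placeholder. The same two-argument call appears in the SYNOPSIS hunks of Heimdal.pm and MIT.pm.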
diff --git a/perl/Wallet/Kadmin/Heimdal.pm b/perl/Wallet/Kadmin/Heimdal.pm
index 2ca8dcd..428202b 100644
--- a/perl/Wallet/Kadmin/Heimdal.pm
+++ b/perl/Wallet/Kadmin/Heimdal.pm
@@ -1,7 +1,7 @@
# Wallet::Kadmin::Heimdal -- Heimdal Kadmin interactions for the wallet.
#
# Written by Jon Robertson <jonrober@stanford.edu>
-# Copyright 2009 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2009, 2010 Board of Trustees, Leland Stanford Jr. University
#
# See LICENSE for licensing terms.
@@ -238,7 +238,7 @@ Wallet::Kadmin::MIT - MIT admin interactions for wallet keytabs
my $kadmin = Wallet::Kadmin::MIT->new ();
$kadmin->addprinc ("host/shell.example.com");
- $kadmin->ktadd ("host/shell.example.com", "aes256-cts");
+ $kadmin->ktadd ("host/shell.example.com", "aes256-cts-hmac-sha1-96");
my $exists = $kadmin->exists ("host/oldshell.example.com");
$kadmin->delprinc ("host/oldshell.example.com") if $exists;
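Review bot: The SYNOPSIS in Heimdal.pm still constructs `Wallet::Kadmin::MIT->new ()`, and the hunk header shows the NAME line as `Wallet::Kadmin::MIT - MIT admin interactions for wallet keytabs`, which looks like text copied from MIT.pm and never adapted. Since this commit exists because Heimdal and MIT differ in which enctype names they accept, the Heimdal module's documentation should name its own class: `my $kadmin = Wallet::Kadmin::Heimdal->new ();`, with a NAME line along the lines of `Wallet::Kadmin::Heimdal - Heimdal admin interactions for wallet keytabs`. The NAME line itself lies outside the hunk.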
@@ -282,10 +282,11 @@ reality.
=item ktadd(PRINCIPAL, FILE, ENCTYPES)
-Creates a new keytab for the given principal, as the given file, limited to
-the enctypes supplied. The enctype values must be enctype strings recognized
-by Kerberos (strings like C<aes256-cts> or C<des-cbc-crc>). An error is
-thrown on failure or if the creation fails, otherwise true is returned.
+Creates a new keytab for the given principal, as the given file, limited
+to the enctypes supplied. The enctype values must be enctype strings
+recognized by Kerberos (strings like C<aes256-cts-hmac-sha1-96> or
+C<des-cbc-crc>). An error is thrown on failure or if the creation fails,
+otherwise true is returned.
=back
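Review bot: The example enctype list in the ktadd entry still offers `des-cbc-crc` next to the AES name, and examples in reference documentation tend to be copied into real enctype restrictions; single DES is a weak enctype, so a keytab limited to it leaves the principal's keys poorly protected. Consider a second strong example instead, such as `C<aes128-cts-hmac-sha1-96>`, or a short sentence saying DES should be listed only for legacy interoperability. The sentence `An error is thrown on failure or if the creation fails` also says the same thing twice and could read `An error is thrown on failure, otherwise true is returned.` The same wording appears in the MIT.pm ktadd hunk, and the `des-cbc-crc` example also appears in the enctypes attribute text of client/wallet.pod and server/wallet-backend.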
@@ -305,7 +306,6 @@ from L<http://www.eyrie.org/~eagle/software/wallet/>.
=head1 AUTHORS
-Russ Allbery <rra@stanford.edu>
-Jon Robertson <jonrober@stanford.edu>
+Russ Allbery <rra@stanford.edu> and Jon Robertson <jonrober@stanford.edu>.
=cut
diff --git a/perl/Wallet/Kadmin/MIT.pm b/perl/Wallet/Kadmin/MIT.pm
index c3ad901..49691b0 100644
--- a/perl/Wallet/Kadmin/MIT.pm
+++ b/perl/Wallet/Kadmin/MIT.pm
@@ -2,7 +2,8 @@
#
# Written by Russ Allbery <rra@stanford.edu>
# Pulled into a module by Jon Robertson <jonrober@stanford.edu>
-# Copyright 2007, 2008, 2009 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007, 2008, 2009, 2010
+# Board of Trustees, Leland Stanford Jr. University
#
# See LICENSE for licensing terms.
@@ -233,7 +234,7 @@ Wallet::Kadmin::MIT - MIT admin interactions for wallet keytabs
my $kadmin = Wallet::Kadmin::MIT->new ();
$kadmin->addprinc ("host/shell.example.com");
- $kadmin->ktadd ("host/shell.example.com", "aes256-cts");
+ $kadmin->ktadd ("host/shell.example.com", "aes256-cts-hmac-sha1-96");
my $exists = $kadmin->exists ("host/oldshell.example.com");
$kadmin->delprinc ("host/oldshell.example.com") if $exists;
@@ -277,10 +278,11 @@ reality.
=item ktadd(PRINCIPAL, FILE, ENCTYPES)
-Creates a new keytab for the given principal, as the given file, limited to
-the enctypes supplied. The enctype values must be enctype strings recognized
-by Kerberos (strings like C<aes256-cts> or C<des-cbc-crc>). An error is
-thrown on failure or if the creation fails, otherwise true is returned.
+Creates a new keytab for the given principal, as the given file, limited
+to the enctypes supplied. The enctype values must be enctype strings
+recognized by Kerberos (strings like C<aes256-cts-hmac-sha1-96> or
+C<des-cbc-crc>). An error is thrown on failure or if the creation fails,
+otherwise true is returned.
=back
diff --git a/server/wallet-backend b/server/wallet-backend
index 448f175..2b58255 100755
--- a/server/wallet-backend
+++ b/server/wallet-backend
@@ -558,9 +558,9 @@ Keytab objects support the following attributes:
Restricts the generated keytab to a specific set of encryption types. The
values of this attribute must be enctype strings recognized by Kerberos
-(strings like C<aes256-cts> or C<des-cbc-crc>). Note that the salt should
-not be included; since the salt is irrelevant for keytab keys, it will
-always be set to C<normal> by the wallet.
+(strings like C<aes256-cts-hmac-sha1-96> or C<des-cbc-crc>). Note that
+the salt should not be included; since the salt is irrelevant for keytab
+keys, it will always be set to C<normal> by the wallet.
If this attribute is set, the specified enctype list will be passed to ktadd
when get() is called for that keytab. If it is not set, the default set in