From 786eab65cefac69dfd38646437720f33994f8f47 Mon Sep 17 00:00:00 2001
From: Jo Sutton <josutton@catalyst.net.nz>
Date: Tue, 23 Apr 2024 13:13:20 +1200
Subject: s4:auth: Export AES128 gMSA keys along with AES256 keys by default

This is what an existing test expects.

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 source4/auth/kerberos/srv_keytab.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source4')

diff --git a/source4/auth/kerberos/srv_keytab.c b/source4/auth/kerberos/srv_keytab.c
index 4d5306d9002..a2f0d172e02 100644
--- a/source4/auth/kerberos/srv_keytab.c
+++ b/source4/auth/kerberos/srv_keytab.c
@@ -350,7 +350,7 @@ NTSTATUS smb_krb5_fill_keytab_gmsa_keys(TALLOC_CTX *mem_ctx,
 
 	supported_enctypes = ldb_msg_find_attr_as_uint(msg,
 						       "msDS-SupportedEncryptionTypes",
-						       ENC_HMAC_SHA1_96_AES256);
+						       ENC_STRONG_SALTED_TYPES);
 	/*
 	 * We trim this down to just the salted AES types, as the
 	 * passwords are now wrong for rc4-hmac due to the mapping of
-- 
cgit v1.2.3