--- old/src/share/classes/sun/security/krb5/internal/ktab/KeyTab.java 2013-05-27 09:50:05.000000000 +0800 +++ new/src/share/classes/sun/security/krb5/internal/ktab/KeyTab.java 2013-05-27 09:50:05.000000000 +0800 @@ -279,8 +279,7 @@ /** * Reads all keys for a service from the keytab file that have - * etypes that have been configured for use. If there are multiple - * keys with same etype, the one with the highest kvno is returned. + * etypes that have been configured for use. * @param service the PrincipalName of the requested service * @return an array containing all the service keys, never null */ @@ -313,35 +312,12 @@ size = keys.size(); EncryptionKey[] retVal = keys.toArray(new EncryptionKey[size]); - // Sort keys according to default_tkt_enctypes - if (DEBUG) { - System.out.println("Ordering keys wrt default_tkt_enctypes list"); - } - - final int[] etypes = EType.getDefaults("default_tkt_enctypes"); - - // Sort the keys, k1 is preferred than k2 if: - // 1. k1's etype appears earlier in etypes than k2's - // 2. If same, k1's KVNO is higher + // Sort the keys by kvno. Sometimes we must choose a single key (say, + // generate encrypted timestamp in AS-REQ). A key with a higher KVNO + // sounds like a newer one. Arrays.sort(retVal, new Comparator() { @Override public int compare(EncryptionKey o1, EncryptionKey o2) { - if (etypes != null) { - int o1EType = o1.getEType(); - int o2EType = o2.getEType(); - if (o1EType != o2EType) { - for (int i=0; i