jcmturner / gokrb5

Pure Go Kerberos library for clients and services
Apache License 2.0

Encryption Type Parsing of krb5.conf - Case Sensitive #526

Open cnigh opened 11 months ago

cnigh commented 11 months ago

Description

Morning, I've been working to write a SPNEGO HTTP client by using a provided krb5.conf and a keytab for client.NewWithKeytab().

Through the testing, it worked well on my laptop (macOS) but I was having issues with it on my Oracle Linux 7.9 servers. On the Linux servers, I kept getting "no support for encryption type" error messages:

2023/08/11 09:55:17 could not login client: [Root cause: KDC_Error] KDC_Error: AS Exchange Error: kerberos error response from KDC: KRB Error: (14) KDC_ERR_ETYPE_NOSUPP KDC has no support for encryption type

Upon inspecting my krb5.conf, I noticed that the Linux server had specified several encryption types as preferred whereas my laptop did not:

[libdefaults]
 default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
 default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
 preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC

Reproduction Steps

Question/Bug

It seems that the encryption types are made case-sensitive by this function: https://github.com/jcmturner/gokrb5/blob/855dbc707a37a21467aef6c0245fcf3328dc39ed/iana/etypeID/constants.go#L91

Since Linux does not seem to have issues with the upper-case encryption types, should the type be converted to lowercase before lookup?

Data
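
The behaviour asked about in the issue above, as an added stand-alone example (not part of the issue and not gokrb5's own code): the enctype list from the posted krb5.conf is resolved once with a case-sensitive lookup and once with the name lowercased first. The names `etypeByName`, `lookupExact`, `lookupFold` and `parseEnctypes` are hypothetical, and the table is a constructed subset of the IANA Kerberos encryption type numbers.

```go
package main

import (
	"fmt"
	"strings"
)

// etypeByName: constructed subset of IANA Kerberos etype numbers, keyed by
// lowercase name (an assumption for this example, not gokrb5's table).
var etypeByName = map[string]int32{
	"des-cbc-crc":             1,
	"des-cbc-md5":             3,
	"aes128-cts-hmac-sha1-96": 17,
	"aes128-cts":              17,
	"aes256-cts-hmac-sha1-96": 18,
	"aes256-cts":              18,
	"rc4-hmac":                23,
}

// lookupExact is case-sensitive; a name that is not in the table yields 0.
func lookupExact(name string) int32 { return etypeByName[name] }

// lookupFold lowercases the name before the lookup.
func lookupFold(name string) int32 { return etypeByName[strings.ToLower(name)] }

// parseEnctypes resolves a whitespace-separated krb5.conf enctype list and
// returns the resolved IDs in order plus every name that did not resolve,
// so a misparsed list is reported instead of silently shrinking.
func parseEnctypes(value string, lookup func(string) int32) (ids []int32, unknown []string) {
	for _, name := range strings.Fields(value) {
		if id := lookup(name); id != 0 {
			ids = append(ids, id)
		} else {
			unknown = append(unknown, name)
		}
	}
	return ids, unknown
}

func main() {
	// Value copied from default_tkt_enctypes in the krb5.conf posted above.
	v := "AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC"
	ids, unknown := parseEnctypes(v, lookupExact)
	fmt.Println("exact:", ids, "unresolved:", unknown)
	ids, unknown = parseEnctypes(v, lookupFold)
	fmt.Println("fold: ", ids, "unresolved:", unknown)
}
```

Returning the unresolved names lets a caller log or reject a configuration whose enctype list resolved to nothing before any request is sent to the KDC.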