[28867] in Kerberos
Re: Kerberos Digest, Vol 60, Issue 9
daemon@ATHENA.MIT.EDU (Steve Devine)
Mon Dec 10 18:30:13 2007
From: Steve Devine <devine.steve@gmail.com>
Date: Mon, 10 Dec 2007 15:16:15 -0800 (PST)
Message-ID: <2801f75f-46d3-4867-9208-ed1098c4c645@i29g2000prf.googlegroups.com>
Mime-Version: 1.0
X-Complaints-To: groups-abuse@google.com
Complaints-To: groups-abuse@google.com
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Dec 10, 10:11 am, Jeff Blaine <jbla...@kickflop.net> wrote:
> > ...
> >>> Key: vno 5, DES cbc mode with CRC-32, AFS version 3
> > ...
> > ^^^^^^^^^^^^^
>
> > Have you tried using other salt types?
>
> > -Marcus Watts
>
> I'm afraid I don't have that luxury, if I understand you
> correctly. We have 900+ principals imported from AFS with keys
> as above. Currently this is all in testing and this is a report
> of a snag in the testing. Since it all works fine under Solaris
> 9 with MIT Kerberos, I consider this a problem with MIT Kerberos
> as delivered in RHEL3, or something else outside of my current
> knowledge.
We imported 100,000 plus users into kerberos5 from AFS and it all
worked fine. After the import we expanded the enctypes and it did not
affect the existing users. Just don't take out the single des entry.
When you do a a getprinc on a principal after they have reset their
password you will see that they have multiple enctypes associated with
their principal. The client that auths against the kdc will negotiate
itself to the enctype it chooses.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
