[19682] in Kerberos_V5_Development

home help back first fref pref prev next nref lref last post

Re: Incompatibility between krb's AES256-CTS-HMAC-SHA1-96 and

daemon@ATHENA.MIT.EDU (Isaac Boukris)
Fri Nov 10 01:43:05 2017

MIME-Version: 1.0
In-Reply-To: <CAK8_kVJZWpE2=2rbzDY7X9EM7r0Hy_qyE4w6wamURb6Dkxq4LQ@mail.gmail.com>
From: Isaac Boukris <iboukris@gmail.com>
Date: Fri, 10 Nov 2017 08:42:41 +0200
Message-ID: <CAC-fF8RjMD=wNGojz3uLi+-kmUp5iYKQDqKSGsCYc77AYML4Tw@mail.gmail.com>
To: Ido Shlomo <shloim@gmail.com>
Cc: krbdev@mit.edu, Simo Sorce <simo@redhat.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

On Fri, Nov 10, 2017 at 7:08 AM, Ido Shlomo <shloim@gmail.com> wrote:
> Thank you. I understand the options, but I am not familiar with tools that
> may do that automatically. (currently this entire process is automated using
> shell scripts).

If you know the salt and it is different than what ktutil uses, then
you may be able to build the ktutil from git master which let's you
specify the salt.
For troubleshooting, i'd still suggest to try kinit and see what salt
the actually is, like:
KRB5_TRACE=/dev/stdout kinit principal |grep salt

HTH
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev

home help back first fref pref prev next nref lref last post