Re: Kerberos Digest, Vol 60, Issue 9 - Kerberos

This is a discussion on Re: Kerberos Digest, Vol 60, Issue 9 - Kerberos ; > ... >>> Key: vno 5, DES cbc mode with CRC-32, AFS version 3 > ... > ^^^^^^^^^^^^^ > > Have you tried using other salt types? > > -Marcus Watts I'm afraid I don't have that luxury, if I ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Re: Kerberos Digest, Vol 60, Issue 9

  1. Re: Kerberos Digest, Vol 60, Issue 9

    > ...
    >>> Key: vno 5, DES cbc mode with CRC-32, AFS version 3

    > ...
    > ^^^^^^^^^^^^^
    >
    > Have you tried using other salt types?
    >
    > -Marcus Watts


    I'm afraid I don't have that luxury, if I understand you
    correctly. We have 900+ principals imported from AFS with keys
    as above. Currently this is all in testing and this is a report
    of a snag in the testing. Since it all works fine under Solaris
    9 with MIT Kerberos, I consider this a problem with MIT Kerberos
    as delivered in RHEL3, or something else outside of my current
    knowledge.

  2. Re: Kerberos Digest, Vol 60, Issue 9

    On Dec 10, 10:11 am, Jeff Blaine wrote:
    > > ...
    > >>> Key: vno 5, DES cbc mode with CRC-32, AFS version 3

    > > ...
    > > ^^^^^^^^^^^^^

    >
    > > Have you tried using other salt types?

    >
    > > -Marcus Watts

    >
    > I'm afraid I don't have that luxury, if I understand you
    > correctly. We have 900+ principals imported from AFS with keys
    > as above. Currently this is all in testing and this is a report
    > of a snag in the testing. Since it all works fine under Solaris
    > 9 with MIT Kerberos, I consider this a problem with MIT Kerberos
    > as delivered in RHEL3, or something else outside of my current
    > knowledge.


    We imported 100,000 plus users into kerberos5 from AFS and it all
    worked fine. After the import we expanded the enctypes and it did not
    affect the existing users. Just don't take out the single des entry.
    When you do a a getprinc on a principal after they have reset their
    password you will see that they have multiple enctypes associated with
    their principal. The client that auths against the kdc will negotiate
    itself to the enctype it chooses.

+ Reply to Thread