[krbdev.mit.edu #2545] AFS string_to_key broken for passwords > 8 chars

bbense@slac.stanford.edu via RT rt-comment at krbdev.mit.edu
Fri Apr 30 18:20:15 EDT 2004


On Thu, 29 Apr 2004, Sam Hartman via RT wrote:

>
> One work around might be to convince the Heimdal KDC to send the
> appropriate etype_info2 s2kparams to indicate that the AFS3 salt
> should be used.  If your KDC does this, our code should do the right
> thing.
>

_ Even for 8 char and less passwords? I'm not seeing how that
could happen since the right algorithm is only in
mit_afs_string_to_key and that is only called in one
place. I agree it would work for 9 char password, but there
is no way for the KDC to know the length of your password.

_ Is there some code path I'm missing?

_ Booker C. Bense


More information about the krb5-bugs mailing list