[krbdev.mit.edu #5958] kadmin enctype naming for DES is deceptive
Russ Allbery <rra@stanford.edu> via RT
rt-comment at krbdev.mit.edu
Thu May 1 02:28:25 EDT 2008
In the current kadmin, "DES cbc mode with CRC-32, no salt" is in fact
salted with the default v5 salt method, whereas "DES cbc mode with
CRC-32, Version 4" is actually not salted.
I don't think this could be more confusing if it was designed to be as
confusing as possible. :)
Solving 5014 would help here, but only partly. The basic problem is
that :normal does not actually mean no salt, but that's how it's
displayed. Perhaps that string in the kadmin client should be changed
to "default salt" instead?
More information about the krb5-bugs
mailing list