Upgrading kerberos krb5

Jai jlamerto at scu.edu.au
Mon Feb 18 02:19:42 EST 2002


Hi,
I have a question regarding an upgrade from krb5-1.0.4 to krb5-1.2.2.
In my old db all my princs had 5 keys as below:

Number of keys: 5
Key: vno 6, DES cbc mode with CRC-32, no salt
Key: vno 6, DES cbc mode with CRC-32, Version 4
Key: vno 6, DES cbc mode with RSA-MD5, Version 5 - No Realm
Key: vno 6, DES cbc mode with RSA-MD5, Version 5 - Realm Only
Key: vno 6, DES cbc mode with RSA-MD5, AFS version 3

Now that I'm using krb5-1.2.2 all new princ and any princ that has had
a password change end up with two, as below:

Number of keys: 2
Key: vno 3, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 3, DES cbc mode with CRC-32, no salt

My kdc.conf has entries for the following encryption types:
supported_enctypes = des-cbc-crc:normal des-cbc-crc:v4 des:normal
des:v4 des:norealm des:onlyrealm des:afs3

Where did the other 3 keys go?
And how come I now have a Triple DES cbc key?

Kind Regards,
Jai.



More information about the Kerberos mailing list