DES vs DES3 problem
Tom Yu
tlyu at MIT.EDU
Fri Jul 19 19:52:29 EDT 2002
>>>>> "mllau2002" == Monica Lau <mllau2002 at yahoo.com> writes:
mllau2002> I have a KDC client (luke) that is trying to authenticate
mllau2002> with the KDC server. The client is expecting a DES session
mllau2002> key encryption type. However, the server is issuing a DES3
mllau2002> session key. So, the client doesn't like the key and
mllau2002> constantly ask the KDC server for a new key. (This problem
mllau2002> occurs on both the KDCs that have been ported to Linux and
mllau2002> the Lynx OS.) I have these lines in the krb.conf and
mllau2002> kdc.conf files:
mllau2002> krb.conf:
mllau2002> default_tgs_enctypes = des-cbc-crc
mllau2002> default_tkt_enctypes = des-cbc-crc
mllau2002> kdc.conf:
mllau2002> supported_enctypes = des-cbc-crc:normal
mllau2002> kdc_supported_enctypes = des-cbc-crc:normal
mllau2002> Does anyone know why the KDC would constantly send DES3
mllau2002> session key when we specified that we want DES? Here's the
mllau2002> log message from the krb5kdc.log file:
mllau2002> Jul 19 12:09:49 mlau krb5kdc[65](info): AS_REQ (1 etypes {1}) Client's_IP(39
mllau2002> 848): ISSUE: authtime 1027105789, etypes {rep=1 tkt=1 ses=1}, luke at REALMNAME
mllau2002> for krbtgt at REALMNAME
This means that des-cbc-crc is the only entype asked for, and is the
only enctype issued. Where exactly are you seeing the problem? What
makes you think that a DES3 enctype is involved?
Also, it would help a lot if you were to tell us what krb5 release
you're running on the KDC and the client.
---Tom
More information about the Kerberos
mailing list