des_cbc_crc -> des_cbc_md5

yo timo bacolod85 at yahoo.com
Fri Apr 4 09:39:59 EST 2003


I read about the fact that crc is not collision-proof whereas md5 is.  Can anyone comment on the benefit of using md5 over crc for Kerberos keys?

If I set up my KDCs and all principals with des_cbc_crc keys but now desire to use des_cbc_md5, do I have to start from scratch?

I know 3des is better. Unfortunately, I'm dealing with devices that only support des.

-bacolod



OpenSSH on Solaris 9 credential cache problem

Matthew Wronkowski mattw at csh.rit.edu
Fri Apr 4 09:58:49 EST 2003

I'm seeing a strange and annoying problem.  I have three Solaris 9 (sparc)
servers, two running OpenSSH_3.6.1p1, and one running 3.4p1.  On the two
servers running 3.6.1p1 if two concurrent ssh sessions are brought up, then one
is exited, the /tmp/krb5* file is removed and the user will have to kinit in the
remaining session.  The 3.4p1 server does not delete this file until the last
session is exited (as it should). Telnet to these machines also works fine.
I saw this issue in versions previous to 3.4.

Has anyone had similar experiences?  I don't see a configuration difference in
sshd_config. Could it be a problem with PAM?

-- 
Matthew Wronkowski, CCNP

