key salting and kerberos v5
Sam Hartman
hartmans at MIT.EDU
Sun Apr 27 19:54:59 EDT 2003
>>>>> "Calimer0" == Calimer0 <cryos98 at yahoo.com> writes:
Calimer0> from kerberos FAQ 2.0:
>> In Kerberos 5 the complete principal name (including the realm)
>> is used as the salt
Calimer0> but listing principals properties with kadmin what I see
Calimer0> is:
Calimer0> [...] Key: vno 1, triple DES cbc mode with HMAC/sha1,
Calimer0> no salt Key: vno 1, DES cbc mode with CRC-32, no salt
Calimer0> [...]
Calimer0> I thought that key salting was the default behaviour,
It is. Kadmin should really say default salt not no salt. That's
what it actually means.
It says no salt because there is no salt tuple associated with the key
entry. When no such tuple exists, then the default salt is used.
More information about the Kerberos
mailing list