krb5 with java (JAAS) problem identified... sort of
Sam Hartman
hartmans at MIT.EDU
Fri Nov 14 22:52:29 EST 2003
>>>>> "david" == david <david at cobite.com> writes:
david> (1.2.2 and 1.2.7 respectively) using Java (sun jdk 1.4.2
david> While I don't know the cause, I know a workaround. When
david> initially configuring the krb5 kdc, you must place
david> des-cbc-crc:normal before des-cbc-crc:v4, or simply remove
david> des-cbc-crc:v4 from the kdc.conf file (supported_enctypes
david> in [realms] stanza)
david> After changing this, it all works fine for me. It's either
david> a bug in the v4 salt handling in krb5 or java it would
david> seem. But who knows...
I'd guess a bug in the Java stuff. That's one of the common things to
get wrong when implementing Kerberos. But moving your v4 salted key
later should be completely harmless.
More information about the Kerberos
mailing list