Why does changing supported_enctypes not work?
John Hascall
john at iastate.edu
Fri Oct 10 08:43:50 EDT 2003
OK, thanks for the help so far on changing my enctypes.
Editing kdc.conf instead of krb5.conf was obviously a
big key. However, I don't seem to be getting quite
what I asked for.
In kdc.conf:

    supported_enctypes = des-cbc-crc:v4 des-cbc-crc:normal

From getprinc:

    Key: vno 3, DES cbc mode with CRC-32, Version 4
    Key: vno 3, DES cbc mode with CRC-32, no salt
                                          ^^^^^^^
I was expecting this 2nd one to say:

    Key: vno 3, DES cbc mode with CRC-32, Version 5
                                          ^^^^^^^^^
(which is what the VPN docs say I should see)
and since I see this in the code (in lib/krb5/krb/str_conv.c):

    static const struct salttype_lookup_entry salttype_table[] = {
    /* salt type                    input specifier  output string            */
    /*----------------------------- ---------------- -------------------------*/
    { KRB5_KDB_SALTTYPE_NORMAL,     "normal",        "Version 5" },   <===
    { KRB5_KDB_SALTTYPE_V4,         "v4",            "Version 4" },
    { KRB5_KDB_SALTTYPE_NOREALM,    "norealm",       "Version 5 - No Realm" },
    { KRB5_KDB_SALTTYPE_ONLYREALM,  "onlyrealm",     "Version 5 - Realm Only" },
    { KRB5_KDB_SALTTYPE_SPECIAL,    "special",       "Special" },
    { KRB5_KDB_SALTTYPE_AFS3,       "afs3",          "AFS version 3" }
    };

This appears to be somehow related to this
code (in kadmin/cli/kadmin.c):

    if (key_data->key_data_ver > 1) {
        if (krb5_salttype_to_string(key_data->key_data_type[1],
                                    salttype, sizeof(salttype)))
            sprintf(salttype, "<Salt type 0x%x>",
                    key_data->key_data_type[1]);
        printf("%s\n", salttype);
    } else
        printf("no salt\n");

so what is 'key_data->key_data_ver' and is it relevant here?
Thanks again,
John
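
An added example, not part of the original message and not MIT Kerberos source: the two excerpts quoted above combined into one small program, showing that the getprinc output is decided by key_data_ver before the salt type table is ever consulted. The names describe_salt, salt_to_string and the SALT_* constants are hypothetical, the numeric salt type values are assumed to match kdb.h, and the (key_data_ver, salt type) pairs are constructed; it does not model how the KDC chooses key_data_ver when it stores a key.

```c
#include <stdio.h>
#include <string.h>

/* Salt type numbers; assumed to match KRB5_KDB_SALTTYPE_* in kdb.h. */
enum { SALT_NORMAL = 0, SALT_V4 = 1, SALT_NOREALM = 2,
       SALT_ONLYREALM = 3, SALT_SPECIAL = 4, SALT_AFS3 = 5 };

struct salt_entry { int type; const char *out; };

/* Output strings copied from the salttype_table[] quoted in the post. */
static const struct salt_entry salt_table[] = {
    { SALT_NORMAL,    "Version 5" },
    { SALT_V4,        "Version 4" },
    { SALT_NOREALM,   "Version 5 - No Realm" },
    { SALT_ONLYREALM, "Version 5 - Realm Only" },
    { SALT_SPECIAL,   "Special" },
    { SALT_AFS3,      "AFS version 3" }
};

/* Hypothetical stand-in for krb5_salttype_to_string(): 0 on success. */
static int salt_to_string(int type, char *buf, size_t len)
{
    size_t i;
    for (i = 0; i < sizeof(salt_table) / sizeof(salt_table[0]); i++)
        if (salt_table[i].type == type)
            return snprintf(buf, len, "%s", salt_table[i].out) >= (int)len;
    return 1;  /* unknown salt type */
}

/* Same branch structure as the kadmin.c excerpt: the table lookup only
 * happens when key_data_ver > 1; otherwise "no salt" is printed. */
const char *describe_salt(int key_data_ver, int salt_type, char *buf, size_t len)
{
    if (key_data_ver > 1) {
        if (salt_to_string(salt_type, buf, len))
            snprintf(buf, len, "<Salt type 0x%x>", salt_type);
    } else {
        snprintf(buf, len, "no salt");
    }
    return buf;
}

int main(void)
{
    char buf[32];
    /* Constructed records: (key_data_ver, salt type) pairs. */
    printf("ver 2, v4:     %s\n", describe_salt(2, SALT_V4, buf, sizeof buf));
    printf("ver 1, normal: %s\n", describe_salt(1, SALT_NORMAL, buf, sizeof buf));
    printf("ver 2, normal: %s\n", describe_salt(2, SALT_NORMAL, buf, sizeof buf));
    return 0;
}
```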