Michael Bell michael.bell at cms.hu-berlin.de
Wed Oct 22 05:18:31 EDT 2003


I have a problem with fakeka. I want to run it on a KDC which encrypts 
it's master key with DES3-HMAC-SHA1. I checked the source code of fakeka 
and see that it only supports DES-CBC-CRC. Does there be a special 
reason to not add a switch -e which accepts the options des and des3?

It is really easy to change the source code and to add the option (only 
another case statement and an additional variable) but I'm not sure 
about the side effects. The function get_princ_key includes a comment 
which explicitly enforces DES. Is there be a problem with DES3 and AFS 
(or better clients which think they talk with kaserver)?

Greetings Michael

More information about the Kerberos mailing list