key extraction for AFS kaserver

Andrew Bacchi bacchi at rpi.edu
Thu Apr 15 14:43:40 EDT 2004


I'm trying to extract a K5 key for afs.  The encryption type seems to be
invalid.

kadmin:  ktadd -e des-cbc-crc afs at WEB.RPI.EDU
ktadd: Invalid argument while parsing keysalts des-cbc-crc

However, if I remove the enctype it writes a DES and DES3 key.

kadmin:  ktadd afs at WEB.RPI.EDU
Entry for principal afs at WEB.RPI.EDU with kvno 1, encryption type Triple
DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal afs at WEB.RPI.EDU with kvno 1, encryption type DES cbc
mode with CRC-32 added to keytab WRFILE:/etc/krb5.keytab.

Is this a salt problem?  Can I add one of these keys to my AFS kaserver
using asetkey?  Must I use -e des-cbc-crc?

-- 
Facade: Provide a unified interface to a set of interfaces in a
subsystem.

Andrew Bacchi
Staff Systems Programmer
Rensselaer Polytechnic Institute
phone: 518 276-6415  fax: 518 276-2809

http://www.rpi.edu/~bacchi/



More information about the Kerberos mailing list