MIT-Heimdal interop issues
Andrew Bartlett
abartlet at samba.org
Sat Jul 24 19:41:24 EDT 2004
On Sun, 2004-07-25 at 01:22, Sam Hartman wrote:
> >>>>> "Kevin" == Kevin Coffman <kwc at citi.umich.edu> writes:
>
> Kevin> Ignore me. I wasn't restarting my client between changes
> Kevin> of krb5.conf. After restarting the client, it seems to be
> Kevin> honoring the config file options and negotiating a
> Kevin> des-cbc-crc service ticket.
>
> It's really kind of unfortunate that your kernel module does not
> support des-cbc-md4. Asking people to change their krb5.confs is
> unacceptable from an administration stand point, because they won't
> remember to remove the changes when their site starts supporting 3des
> or aes.
>
>
> Unfortunately your module seems to be the only thing that doesn't
> support des-cbc-md4.
More of a worry to me is the lack of support for rc4-hmac-md5. Sites
playing with Samba/Heimdal integration, and sites using Active Directory
often simply have no other keytypes reliably available!
Andrew Bartlett
--
Andrew Bartlett abartlet at samba.org
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20040725/87eee694/attachment.bin
More information about the Kerberos
mailing list