Encryption key type order w. windows auth?
David Botsch
dwb7 at ccmr.cornell.edu
Thu Jun 17 18:27:42 EDT 2004
Hi.
Trying to get Windows auth to a MIT kdc working.
I've found that windows seems to somehow care about the order of the key/salt
types in the principal.
eg:
kadmin: getprinc bozo
Principal: bozo at MSC.CORNELL.EDU
Expiration date: [never]
Last password change: Thu Jun 17 15:43:08 EDT 2004
Password expiration date: [none]
Maximum ticket life: 30 days 00:00:00
Maximum renewable life: 30 days 00:00:00
Last modified: Thu Jun 17 15:43:08 EDT 2004 (admin/admin at MSC.CORNELL.EDU)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 2
Key: vno 11, DES cbc mode with CRC-32, no salt
Key: vno 11, DES cbc mode with CRC-32, AFS version 3
Attributes:
Policy: [none]
with the above, authentication works.
BUT
kadmin: getprinc bozo
Principal: bozo at MSC.CORNELL.EDU
Expiration date: [never]
Last password change: Thu Jun 17 15:43:08 EDT 2004
Password expiration date: [none]
Maximum ticket life: 30 days 00:00:00
Maximum renewable life: 30 days 00:00:00
Last modified: Thu Jun 17 15:43:08 EDT 2004 (admin/admin at MSC.CORNELL.EDU)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 2
Key: vno 12, DES cbc mode with CRC-32, AFS version 3
Key: vno 12, DES cbc mode with CRC-32, no salt
Attributes:
Policy: [none]
with the above setup, authentication does NOT work.
Any thoughts?
Thanks!
--
********************************
David William Botsch
Consultant/Advisor II
CCMR Computing Facility
dwb7 at ccmr.cornell.edu
********************************
More information about the Kerberos
mailing list