Encryption key type order w. windows auth?

Jeffrey Hutzelman jhutz at cmu.edu
Thu Jun 17 20:22:10 EDT 2004

On Thursday, June 17, 2004 18:27:42 -0400 David Botsch 
<dwb7 at ccmr.cornell.edu> wrote:

> I've found that windows seems to somehow care about the order of the
> key/salt types in the principal.

> Key: vno 11, DES cbc mode with CRC-32, AFS version 3

This isn't just a different salt string; it's actually a different 
string-to-key algorithm.  And Windows doesn't know about it.  That means it 
will never be able to come up with this key.

You should not depend on the "ordering" you're seeing here; logically, it's 
an unordered set.  If you have Windows users, they will need to not have 
AFS-salted keys.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at cmu.edu>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA

More information about the Kerberos mailing list