Encryption key type order w. windows auth?
David Botsch
dwb7 at ccmr.cornell.edu
Thu Jun 17 21:49:34 EDT 2004
Ok... however, since Windows can come up with the other string to key
algorithm, why does authentication not work?
On Thu, Jun 17, 2004 at 08:22:10PM -0400, Jeffrey Hutzelman wrote:
>
>
> On Thursday, June 17, 2004 18:27:42 -0400 David Botsch
> <dwb7 at ccmr.cornell.edu> wrote:
>
> >I've found that windows seems to somehow care about the order of the
> >key/salt types in the principal.
>
>
> >Key: vno 11, DES cbc mode with CRC-32, AFS version 3
>
> This isn't just a different salt string; it's actually a different
> string-to-key algorithm. And Windows doesn't know about it. That means it
> will never be able to come up with this key.
>
> You should not depend on the "ordering" you're seeing here; logically, it's
> an unordered set. If you have Windows users, they will need to not have
> AFS-salted keys.
>
> -- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at cmu.edu>
> Sr. Research Systems Programmer
> School of Computer Science - Research Computing Facility
> Carnegie Mellon University - Pittsburgh, PA
--
********************************
David William Botsch
Consultant/Advisor II
CCMR Computing Facility
dwb7 at ccmr.cornell.edu
********************************
More information about the Kerberos
mailing list