Encryption key type order w. windows auth?

David Botsch dwb7 at ccmr.cornell.edu
Thu Jun 17 21:49:34 EDT 2004


Ok... however, since Windows can come up with the other string to key
algorithm, why does authentication not work?

On Thu, Jun 17, 2004 at 08:22:10PM -0400, Jeffrey Hutzelman wrote:
> 
> 
> On Thursday, June 17, 2004 18:27:42 -0400 David Botsch 
> <dwb7 at ccmr.cornell.edu> wrote:
> 
> >I've found that windows seems to somehow care about the order of the
> >key/salt types in the principal.
> 
> 
> >Key: vno 11, DES cbc mode with CRC-32, AFS version 3
> 
> This isn't just a different salt string; it's actually a different 
> string-to-key algorithm.  And Windows doesn't know about it.  That means it 
> will never be able to come up with this key.
> 
> You should not depend on the "ordering" you're seeing here; logically, it's 
> an unordered set.  If you have Windows users, they will need to not have 
> AFS-salted keys.
> 
> -- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at cmu.edu>
>   Sr. Research Systems Programmer
>   School of Computer Science - Research Computing Facility
>   Carnegie Mellon University - Pittsburgh, PA

-- 
********************************
David William Botsch
Consultant/Advisor II
CCMR Computing Facility
dwb7 at ccmr.cornell.edu
********************************
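
An added example, not part of the original thread: following the quoted reply's advice that Windows users must not have AFS-salted keys, and that the key list is an unordered set, this sketch scans `getprinc`-style output and reports every AFS3-salted key regardless of its position. The `Key:` line format and the `AFS version 3` label are taken from the line quoted above; the `Principal:` line, the `no salt` label, the principal names and the sample dump are assumptions constructed for illustration.

```python
import re

# Key line shape as quoted in the thread:
#   "Key: vno 11, DES cbc mode with CRC-32, AFS version 3"
# The last comma-separated field is the salt type.
KEY_LINE = re.compile(r"^Key: vno (\d+), (.+), ([^,]+)$")
AFS_SALT = "AFS version 3"  # salt label as it appears in the thread

# Constructed sample: two principals, concatenated getprinc-style output.
SAMPLE = """\
Principal: winuser@EXAMPLE.ORG
Key: vno 11, DES cbc mode with CRC-32, AFS version 3
Key: vno 11, DES cbc mode with CRC-32, no salt
Key: vno 11, Triple DES cbc mode with HMAC/sha1, no salt
Principal: unixuser@EXAMPLE.ORG
Key: vno 4, DES cbc mode with CRC-32, no salt
"""


def audit(dump):
    """Map each principal to its AFS3-salted keys as (kvno, enctype) pairs.

    Position in the key list is ignored on purpose: the reply treats the
    keys as an unordered set, so any AFS-salted key is reported.
    """
    findings, current = {}, None
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("Principal:"):
            current = line.split(":", 1)[1].strip()
            continue
        m = KEY_LINE.match(line)
        if m and current and m.group(3).strip() == AFS_SALT:
            findings.setdefault(current, []).append(
                (int(m.group(1)), m.group(2).strip())
            )
    return findings


if __name__ == "__main__":
    for principal, keys in sorted(audit(SAMPLE).items()):
        for kvno, enctype in keys:
            print(f"{principal}: kvno {kvno} {enctype} is AFS3-salted")
```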

