Encryption key type order w. windows auth?
Jeffrey Hutzelman
jhutz at cmu.edu
Fri Jun 18 11:37:56 EDT 2004
On Thursday, June 17, 2004 21:49:34 -0400 David Botsch
<dwb7 at ccmr.cornell.edu> wrote:
> Ok... however, since Windows can come up with the other string to key
> algorithm, why does authentication not work?
Because when it constructs an AS-REP, the KDC gets to choose which of the
user's keys will be used, subject only to constraints the client provides
about what enctypes it can handle. There's no way for the client to say "I
can't handle the AFS string-to-key; don't use it", so the KDC is free to
choose that key.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
More information about the Kerberos
mailing list