Encryption key type order w. windows auth?
Sam Hartman
hartmans at MIT.EDU
Tue Jun 22 07:02:27 EDT 2004
>>>>> "Jeffrey" == Jeffrey Hutzelman <jhutz at cmu.edu> writes:

Jeffrey> You should not depend on the "ordering" you're seeing
Jeffrey> here; logically, it's an unordered set. If you have
Jeffrey> Windows users, they will need to not have AFS-salted
Jeffrey> keys.

Last time I checked the keys in the kdb are very much an ordered set,
or at least there is a distinguished key used for requests without
preauthentication and a distinguished key used by the KDC for a
principal as a server, and our implementation selects these
distinguished keys based on order.

You have several options for fixing the problem:

* Set the preauth_required attribute and make sure you have a 1.3.x KDC.

* Order the keys so the afs3 keys and v4 salted keys come last.