netapp, nfs, kerberos, and ldap
Sam Hartman
hartmans at MIT.EDU
Wed Apr 6 14:36:18 EDT 2005
>>>>> "Mark" == Mark Dieterich <mkd at cs.brown.edu> writes:
Mark> encryption. I'm clearly missing something here. I thought
Mark> that kerberos would provide the least common denominator for
Mark> encryption type, i.e. we could have our database be
Mark> encrypted with des3-hmac-sha1, with des-cgc-crc encrypted
Mark> tickets stored in it. As long as all the tickets for a
Mark> particular service are des-cgc-crc encrypted, the
Mark> clients/servers would get des-cgc-crc encrypted tickets.
Mark> Can you set me straight?
I thought the same thing. If your service (nfs/hostname) has only a
des-cbc-crc key, then the ticket key and session key should both be
des-cbc-crc. I'd look at your KDC log and see what's being issued.
Sam Hartman
MIT Kerberos Team
MIt Information Services and Technology
More information about the Kerberos
mailing list