What is 'flavor'?
Tom Yu
tlyu at MIT.EDU
Tue Aug 9 22:07:16 EDT 2005
>>>>> "mikef" == Mike Friedman <mikef at ack.berkeley.edu> writes:
mikef> I've just set up a 1.4.1 KDC and I notice what appears to be new
mikef> information in kadmind log messages, namely, 'flavor=nnnnn'. I don't
mikef> think I've seen this on my current production KDC, which is 1.3.4.
mikef> So, some questions:
mikef> o What does 'flavor' mean in this context?
That would be the ONCRPC authentication flavor.
mikef> o Is this information, in particular the meaning of specific flavor
mikef> values, documented?
mikef> So far, I've seen the following values for 'flavor': 6 and
mikef> 300001. The former corresponds to an interactive kadmin
mikef> authentication; the latter to a kadmin using a keytab. But thus far
mikef> I have no further information, so I'm hoping someone can enlighten me.
6 is RPCSEC_GSS, which is the IETF standards-track authentication
flavor for using GSSAPI in RPC. 300001 would be the AUTH_GSSAPI
flavor developed by OpenVision, which is not standards-track. See
RFCs 1831, 1832, 2203, etc. for details.
I'm not quite sure why you're seeing 300001 when using a keytab.
Exactly how are you invoking kadmin using a keytab? And which release
are you running on the kadmin client? RPCSEC_GSS (flavor 6) should
be used in preference to 300001 by modern MIT krb5.
---Tom
More information about the Kerberos
mailing list