Updating encryption types
Ken Raeburn
raeburn at MIT.EDU
Mon Jul 4 23:57:42 EDT 2005
On Jul 4, 2005, at 16:29, Will Fiveash wrote:
> On Fri, Jul 01, 2005 at 02:52:55PM -0700, Phil Dibowitz wrote:
>> Is there a way to tell what encryption type is being used for the
>> session
>> key? I'm assuming the "3 etypes {511 511 1}" means there are three
>> encryption
>> types defined (which seems right)... but then there's "etypes {rep=1
>> tkt=1
>> ses=1}" which I interpret to say the session key is type "1" (DES?).
The "3 etypes" bit should be for the encryption types the client
indicates to the KDC that it supports (or that it wants used), in the
request message. (Though I don't know what 511 would be; in the MIT
code, 0x1ff is ENCTYPE_UNKNOWN, but we shouldn't be transmitting that
in any requests. Are you actually seeing the above with an MIT
client?)
> Anyway, I know RFC 1510 has some
> of the older enctype IDs:
> and draft-raeburn-krb-rijndael-krb-05.txt has:
http://www.iana.org/assignments/kerberos-parameters has these now, btw,
except for changing 0 from "NULL" to "reserved". (Though the
references are outdated and should point to RFCs; I've just asked IANA
to fix that.)
Ken
More information about the Kerberos
mailing list