Updating encryption types

Ken Raeburn raeburn at MIT.EDU
Mon Jul 4 23:57:42 EDT 2005


On Jul 4, 2005, at 16:29, Will Fiveash wrote:
> On Fri, Jul 01, 2005 at 02:52:55PM -0700, Phil Dibowitz wrote:
>> Is there a way to tell what encryption type is being used for the 
>> session
>> key? I'm assuming the "3 etypes {511 511 1}" means there are three 
>> encryption
>> types defined (which seems right)...  but then there's "etypes {rep=1 
>> tkt=1
>> ses=1}"  which I interpret to say the session key is type "1" (DES?).

The "3 etypes" bit should be for the encryption types the client 
indicates to the KDC that it supports (or that it wants used), in the 
request message.  (Though I don't know what 511 would be; in the MIT 
code, 0x1ff is ENCTYPE_UNKNOWN, but we shouldn't be transmitting that 
in any requests.  Are you actually seeing the above with an MIT 
client?)


>   Anyway, I know RFC 1510 has some
> of the older enctype IDs:

> and draft-raeburn-krb-rijndael-krb-05.txt has:

http://www.iana.org/assignments/kerberos-parameters has these now, btw, 
except for changing 0 from "NULL" to "reserved".  (Though the 
references are outdated and should point to RFCs; I've just asked IANA 
to fix that.)

Ken



More information about the Kerberos mailing list