Updating encryption types

Phil Dibowitz phil at usc.edu
Wed Jul 6 18:40:41 EDT 2005


On Tue, Jul 05, 2005 at 01:48:54PM -0700, Phil Dibowitz wrote:
> from kadmin, great (though is that "no salt" supposed to be there?)!
> 
> However, klist -e shows:
> 
> [phil at frantic unstale]$ klist -e
> Ticket cache: FILE:/tmp/krb5cc_36070
> Default principal: phil at ISD.USC.EDU
> 
> Valid starting     Expires            Service principal
> 07/05/05 13:36:31  07/05/05 23:36:31  krbtgt/ISD.USC.EDU at ISD.USC.EDU
>         Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode with CRC-32 
> [phil at frantic unstale]$ 
> 
> and the logs show:
> 
> Jul 05 13:36:31 frantic.usc.edu krb5kdc[26284](info): AS_REQ (3 etypes {23 16
> 1}) 128.125.10.120: ISSUE: authtime 1120595791, etypes {rep=23 tkt=1 ses=1},
> phil at ISD.USC.EDU for krbtgt/ISD.USC.EDU at ISD.USC.EDU
> 
> Neither the session key, nor my principal key seem to have been using the new
> encryption... it's not clear to me why...


Anyone?


-- 
Phil Dibowitz
Systems Architect and Administrator
Enterprise Infrastructure / ISD / USC
UCC 180 - 213-821-5427

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20050706/e14bc1fb/attachment.bin


More information about the Kerberos mailing list