Updating encryption types
Kevin Coffman
kwc at citi.umich.edu
Wed Jul 6 19:21:17 EDT 2005
> On Tue, Jul 05, 2005 at 01:48:54PM -0700, Phil Dibowitz wrote:
> > from kadmin, great (though is that "no salt" supposed to be there?)!
> >=20
> > However, klist -e shows:
> >=20
> > [phil at frantic unstale]$ klist -e
> > Ticket cache: FILE:/tmp/krb5cc_36070
> > Default principal: phil at ISD.USC.EDU
> >=20
> > Valid starting Expires Service principal
> > 07/05/05 13:36:31 07/05/05 23:36:31 krbtgt/ISD.USC.EDU at ISD.USC.EDU
> > Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode with CR=
> C-32=20
> > [phil at frantic unstale]$=20
> >=20
> > and the logs show:
> >=20
> > Jul 05 13:36:31 frantic.usc.edu krb5kdc[26284](info): AS_REQ (3 etypes {2=
> 3 16
> > 1}) 128.125.10.120: ISSUE: authtime 1120595791, etypes {rep=3D23 tkt=3D1 =
> ses=3D1},
> > phil at ISD.USC.EDU for krbtgt/ISD.USC.EDU at ISD.USC.EDU
> >=20
> > Neither the session key, nor my principal key seem to have been using the=
> new
> > encryption... it's not clear to me why...
>
>
> Anyone?
My guess is that your krbtgt/ISD.ISC.EDU at ISD.USC.EDU principal still
only has a des key. 'cpw -randkey -keepold' on that principal to
generate other keys.
More information about the Kerberos
mailing list