keytab created on MIT KDC with des3 enctype does not work with heimdal
artipdesai at yahoo.com
Thu Jun 8 08:38:02 EDT 2006
I have a kerb5 setup with MIT KDC and heimdal client
APIs to perform kerb5 authentication. I have created
principals without specifying any keysaltlist. A
keytab is created by running ktadd. klist shows-
-bash2-2.05b$ sudo ktutil -k
Vno Type Principal
5 des3-cbc-sha1 imap/osqa2.domain.com at DOMAIN.COM
5 des-cbc-crc imap/osqa2.domain.com at DOMAIN.COM
(Note: I have replaced domain with actual domain name)
With this keytab, heimdal client gives authentication
failure. When I debugged the code I found that it is
failing in verify_checksum function.
Authentication is successful, if I specify -e
DES-CBC-CRC:normal to ktadd so that the keytab
contains just one enctype- des-cbc-crc.
It does not seem to be a problem with multiple
enctypes, because creating keytab with just
des3-cbc-sha1 also does not solve the problem.
Is there a known problem with des3 enctype in heimdal
or interoperability between MIT and heimdal for des3?
Thanks in advance,