keytab created on MIT KDC with des3 enctype does not work with heimdal
Arati Desai
artipdesai at yahoo.com
Thu Jun 8 08:38:02 EDT 2006
Hi All,
I have a kerb5 setup with MIT KDC and heimdal client
APIs to perform kerb5 authentication. I have created
principals without specifying any keysaltlist. A
keytab is created by running ktadd. klist shows-
-bash2-2.05b$ sudo ktutil -k
/tmp/osqa2.domain.com.keytab list
/tmp/osqa2.domain.com:
Vno Type Principal
5 des3-cbc-sha1 imap/osqa2.domain.com at DOMAIN.COM
5 des-cbc-crc imap/osqa2.domain.com at DOMAIN.COM
(Note: I have replace domain with actual domain name)
With this keytab, heimdal client gives authentication
failure. When I debugged the code I found that it is
failing in verify_checksum function.
Authentication is successful, if I specify -e
DES-CBC-CRC:normal to ktadd so that the keytab
contains just one enctype- des-cbc-crc.
It does not seem to be a problem with multiple
enctypes, because creating keytab with just
des3-cbc-sha1 also does not solve the problem.
Is there a known problem with des3 enctype in heimdal
ot interoperability between MIT and heimdal for des3
enctype?
Thanks in advance,
Arati
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the Kerberos
mailing list