Kerberos Digest, Vol 60, Issue 9
Steve Devine
devine.steve at gmail.com
Mon Dec 10 18:16:15 EST 2007
On Dec 10, 10:11 am, Jeff Blaine <jbla... at kickflop.net> wrote:
> > ...
> >>> Key: vno 5, DES cbc mode with CRC-32, AFS version 3
> > ...
> > ^^^^^^^^^^^^^
>
> > Have you tried using other salt types?
>
> > -Marcus Watts
>
> I'm afraid I don't have that luxury, if I understand you
> correctly. We have 900+ principals imported from AFS with keys
> as above. Currently this is all in testing and this is a report
> of a snag in the testing. Since it all works fine under Solaris
> 9 with MIT Kerberos, I consider this a problem with MIT Kerberos
> as delivered in RHEL3, or something else outside of my current
> knowledge.
We imported 100,000 plus users into kerberos5 from AFS and it all
worked fine. After the import we expanded the enctypes and it did not
affect the existing users. Just don't take out the single des entry.
When you do a a getprinc on a principal after they have reset their
password you will see that they have multiple enctypes associated with
their principal. The client that auths against the kdc will negotiate
itself to the enctype it chooses.
More information about the Kerberos
mailing list