MIT krb5-1.6.3: getprinc shows 'no salt' on all keys
Mike Friedman
mikef at berkeley.edu
Fri Apr 25 19:30:10 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I notice that on 1.6.3, getprinc shows 'no salt' for all keys, even though
the enctypes in kdc.conf's supported-enctypes all show a salt type of
':normal'. I thought ':normal' meant salt with principal and realm, in
any case not 'no salt'.
Here's what kdc.conf has:
supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
And here's an extract of a principal's entry as shown by getprinc:
Number of keys: 2
Key: vno 3, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 3, DES cbc mode with CRC-32, no salt
I've seen this on two different 1.6.3 servers, with different sets
of supported-enctypes (all with ':normal' as the salt type).
On my 1.4.2 system, where kdc.conf looks like this:
supported_enctypes = des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3 des-cbc-crc:v4
I get this principal key information:
Number of keys: 5
Key: vno 1, DES cbc mode with CRC-32, no salt
Key: vno 1, DES cbc mode with RSA-MD5, Version 4
Key: vno 1, DES cbc mode with RSA-MD5, Version 5 - No Realm
Key: vno 1, DES cbc mode with RSA-MD5, Version 5 - Realm Only
Key: vno 1, DES cbc mode with RSA-MD5, AFS version 3
So, why the 'no salt' in all the key descriptions for 1.6.3?
Thanks.
Mike
_________________________________________________________________________
Mike Friedman Information Services & Technology
mikef at berkeley.edu 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://mikef.berkeley.edu http://ist.berkeley.edu
_________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (FreeBSD)
iEYEARECAAYFAkgSaYMACgkQFgKSfLOvZ1R+nACggh0hL1WQJR7je79c3xralo/g
owQAoIYGSHlgwPFExcLwPdAI9EPMCP6V
=2RID
-----END PGP SIGNATURE-----
More information about the Kerberos
mailing list