krb5-kdc/1121: kdc does not support des3-hmac-sha1 by default
William Fiveash
willf at alton.central.sun.com
Thu Jun 20 20:33:00 EDT 2002
>Number: 1121
>Category: krb5-kdc
>Synopsis: kdc does not support des3-hmac-sha1 by default
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Jun 20 20:34:00 EDT 2002
>Last-Modified:
>Originator: William Fiveash
>Organization:
Sun Microsystems Inc.
>Release: krb5-1.2.5
>Environment:
System: SunOS alton 5.8 Generic_108528-09 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4
>Description:
When setting "master_key_type = des3-hmac-sha1" in kdc.conf and creating
the principal db, krb5kdc will fail to start unless "supported_enctypes
= des3-hmac-sha1" is also set. krb5kdc should support des3-hmac-sha1 by
default.
>How-To-Repeat:
>Fix:
--- src/lib/kadm5/alt_prof.c.orig Thu Jun 20 19:07:24 2002
+++ src/lib/kadm5/alt_prof.c Thu Jun 20 19:17:56 2002
@@ -943,6 +943,11 @@
hierarchy[2] = "supported_enctypes";
kret = krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue);
}
+ /* Why not support the same defaults found in kadm5_get_config_params()?
+ */
+ if (svalue == NULL) {
+ svalue = strdup("des3-hmac-sha1:normal des-cbc-crc:normal");
+ }
if (!kret) {
krb5_string_to_keysalts(svalue,
", \t", /* Tuple separators */
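Review bot: The new default at `if (svalue == NULL)` is still gated by the unchanged `if (!kret)` just below it, so if krb5_aprof_get_string() returns nonzero when supported_enctypes is absent from the profile, the default string is never passed to krb5_string_to_keysalts() and the strdup() copy is leaked. Consider clearing kret once the default is assigned (or testing svalue rather than kret), and check the strdup() result for NULL so an allocation failure is reported instead of falling through. Since the comment says the list mirrors kadm5_get_config_params(), a shared macro for the string would keep the two defaults from drifting apart.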
@@ -951,6 +956,7 @@
&rparams->realm_keysalts,
&rparams->realm_num_keysalts);
krb5_xfree(svalue);
+ svalue = NULL;
}
kret = 0;
}
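Review bot: `svalue = NULL;` sits inside the `if (!kret)` block next to krb5_xfree(), so it only covers the path where parsing ran; when that block is skipped, svalue keeps whatever it held, including a default allocated in the earlier hunk. Moving the free and the reset after the block, guarded by a check that svalue is not NULL, would cover both paths. The return value of krb5_string_to_keysalts() is also dropped before `kret = 0;`, so a mistake in the built-in default string would go unnoticed.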
>Audit-Trail:
>Unformatted: