[krbdev.mit.edu #2545] AFS string_to_key broken for passwords > 8 chars
bbense@slac.stanford.edu via RT
rt-comment at krbdev.mit.edu
Fri Apr 30 18:20:15 EDT 2004
On Thu, 29 Apr 2004, Sam Hartman via RT wrote:
>
> One workaround might be to convince the Heimdal KDC to send the
> appropriate etype_info2 s2kparams to indicate that the AFS3 salt
> should be used. If your KDC does this, our code should do the right
> thing.
>
_ Even for 8 char and less passwords? I'm not seeing how that
could happen since the right algorithm is only in
mit_afs_string_to_key and that is only called in one
place. I agree it would work for a 9 char password, but there
is no way for the KDC to know the length of your password.
_ Is there some code path I'm missing?
_ Booker C. Bense