problem with master_key_type = des3-cbc-sha1?
Sam Hartman
hartmans at MIT.EDU
Thu May 16 12:33:01 EDT 2002
>>>>> "Will" == Will Fiveash <william.fiveash at sun.com> writes:
Will> On Thu, May 16, 2002 at 09:32:29AM -0400, Sam Hartman wrote:
>> I think you wanted des3-hmac-sha1 not des3-cbc-sha1.
Will> This didn't help. If I set master_key_type = des3-hmac-sha1
Will> and use:

As you point out below I'm confused and they are aliases.
I never can remember what's a valid alias and the code is really bad
about ignoring enctypes it doesn't understand.

Will> /usr/local/sbin/kdb5_util create -r MIT122.ENG.SUN.COM -s
Will> the enctype associated with K/M at MIT122.ENG.SUN.COM is
Will> ENCTYPE_DES_CBC_CRC. If I do:
Will> /usr/local/sbin/kdb5_util create -r MIT122.ENG.SUN.COM -s
Will> -k des3-hmac-sha1
Will> then kadmin.local returns this error message:
Will> Authenticating as principal
Will> hooshang/admin at MIT122.ENG.SUN.COM with password.
Will> kadmin.local: Stored master key is corrupted while
Will> initializing kadmin.local interface
Will> Can you get the enctype for K/M at REALM to be des3-hmac-sha1?
Will> Does kadmin.local, kadmin and kdc work? I'm also wondering
Will> what the default enctype for the master key should be.

Yes. My Debian packages do this by default.
I end up with a kdc.conf like the following:

[kdcdefaults]
    default_realm = SUCHDAMAGE.ORG
    kdc_ports = 750,88

[realms]
    SUCHDAMAGE.ORG = {
        database_name = /var/lib/krb5kdc/principal
        admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
        acl_file = /etc/krb5kdc/kadm5.acl
        key_stash_file = /etc/krb5kdc/stash
        kdc_ports = 750,88
        max_life = 10h 0m 0s
        max_renewable_life = 7d 0h 0m 0s
        master_key_type = des3-hmac-sha1
        supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
        default_principal_flags = +preauth
    }

kadmin.local, kadmind and krb5kdc all work; getprinc on K/M shows a
des3 enctype.