problem with master_key_type = des3-cbc-sha1?
Will Fiveash
william.fiveash at sun.com
Thu May 16 13:19:00 EDT 2002
On Thu, May 16, 2002 at 12:32:38PM -0400, Sam Hartman wrote:
>
> Will> Can you get the enctype for K/M at REALM to be des3-hmac-sha1?
> Will> Does kadmin.local, kadmin and kdc work? I'm also wondering
> Will> what the default enctype for the master key should be.
> Yes. My Debian packages do this by default.
What I mean by default is that master_key_type, supported_enctypes,
and kdc_supported_enctypes should not be explicitly set in the kdc.conf
but the defaults in the kerberos code should be used.
(more comments below)
> I end up with a kdc.conf like the following:
>
> b
> [kdcdefaults]
> default_realm = SUCHDAMAGE.ORG
> kdc_ports = 750,88
>
> [realms]
> SUCHDAMAGE.ORG = {
> database_name = /var/lib/krb5kdc/principal
> admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
> acl_file = /etc/krb5kdc/kadm5.acl
> key_stash_file = /etc/krb5kdc/stash
> kdc_ports = 750,88
> max_life = 10h 0m 0s
> max_renewable_life = 7d 0h 0m 0s
> master_key_type = des3-hmac-sha1
> supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
> default_principal_flags = +preauth
>
>
> kadmin.local, kadmind and krb5kdc all work; getprinc on K/M shows a
> des3 enctype.
What happens if you comment out the supported_enctypes assignment in
your kdc.conf? Does your krb5kdc run?
--
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)