problem with master_key_type = des3-cbc-sha1?

Will Fiveash william.fiveash at
Thu May 16 17:15:01 EDT 2002

On Thu, May 16, 2002 at 01:55:17PM -0500, Will Fiveash wrote:
> On Thu, May 16, 2002 at 02:03:06PM -0400, Sam Hartman wrote:
> > Your master keytype *must* be one of your supported_enctypes.
> Sure, but isn't des3-cbc-sha1 or des3-hmac-sha1 one of the default
> supported_enctypes?  In fact, look at kadm5_get_config_params() in
> src/lib/kadm5/alt_prof.c.  At line 685 there's code to deal with
> setting the supported_enctypes option.  It appears to me that if the
> supported_enctype isn't passed in on the command line or explicitly
> set in the kdc.conf file then the default is to use (line 705):
>    svalue = strdup("des3-hmac-sha1:normal des-cbc-crc:normal");

I think I understand part of the problem with the default value for
supported_enctypes.  The default above is set in
kadm5_get_config_params() but that isn't called by krb5kdc.
krb5_read_realm_params() is called by krb5kdc but that doesn't set a
default value for supported_enctypes.

Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)

More information about the krbdev mailing list