add new encryption type

Mark Nelson mnelson at
Fri Nov 22 18:21:00 EST 2002

I need to support etype=5(des3-cbc-md5) from draft-ietf-krb-wg-crypto-02.txt in my Application Server. I added ENCTYPE_DES3_CBC_MD5 to krb5.h  and modified etypes.c as follows:

      "des3-cbc-md5", "Triple DES cbc md5",
      &krb5_enc_des3, &krb5_hash_md5,	
      krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
      krb5_dk_string_to_key },

I get ERR_BAD_INTEGRITY (Decrypt integrity check failed) from krb5_rd_req_decoded() when processing AP Requests. Using a debugger, I've verified the AP Request has etype=5 & that the API correctly finds my new entry in krb5_enctypes_list[]. I also verified the API finds the correct entry in my keytab file & know the error occurs in krb5_dk_decrypt(). I'm using a 3rd party client to generate the AP requests & do not have access it's source code. 
Any ideas/suggestions on how to figure out the problem would be very much appreciated.

-mark nelson
Cedarpoint Communications

More information about the krbdev mailing list