add new encryption type
Mark Nelson
mnelson at cedarpointcom.com
Fri Nov 22 18:21:00 EST 2002
I need to support etype=5(des3-cbc-md5) from draft-ietf-krb-wg-crypto-02.txt in my Application Server. I added ENCTYPE_DES3_CBC_MD5 to krb5.h and modified etypes.c as follows:
{ ENCTYPE_DES3_CBC_MD5,
"des3-cbc-md5", "Triple DES cbc md5",
&krb5_enc_des3, &krb5_hash_md5,
krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
krb5_dk_string_to_key },
I get ERR_BAD_INTEGRITY (Decrypt integrity check failed) from krb5_rd_req_decoded() when processing AP Requests. Using a debugger, I've verified the AP Request has etype=5 & that the API correctly finds my new entry in krb5_enctypes_list[]. I also verified the API finds the correct entry in my keytab file & know the error occurs in krb5_dk_decrypt(). I'm using a 3rd party client to generate the AP requests & do not have access it's source code.
Any ideas/suggestions on how to figure out the problem would be very much appreciated.
regards,
-mark nelson
Cedarpoint Communications
More information about the krbdev
mailing list