GSS-API and 3DES
Ben Cox
cox-work at djehuti.com
Fri Oct 4 15:44:00 EDT 2002
What's the current state of 3DES and GSS-API? Is it thought to be
complete, or is it not there yet? I can't seem to make it work:
* If my service principal has a des-cbc-crc key and a des3-cbc-raw
key (which I get by default if I do "ktadd -k kt princname"), my
client gets a des-cbc-crc ticket for it.
* If my service principal has ONLY a des3-cbc-sha1 key, my client
gets a ticket for it, but the server fails on gss_accept_sec_context
with GSS_S_FAILURE and gss_minor=-1765328151 (gss_display_status
gives "Unknown code z 0").
* If my service principal has ONLY a des3-cbc-raw key, the client
fails on gss_init_sec_context (with the same gss_minor value),
and there's a note in the KDC log:
TGS_REQ (1 etypes {1}) 10.1.4.120(88): FINDING_SERVER_KEY:
authtime 1033759686, cox at MYREALM.TLD for gsstestsvc at MYREALM,
No matching key in entry having a permitted enctype
Should this be working? Do I need to do something else? Or is this
known not to be up to par yet?
-- Ben
More information about the krbdev
mailing list