Unable to have KDC use different enctype for session/service key
Ken Hornstein
kenh at cmf.nrl.navy.mil
Tue Sep 17 11:59:00 EDT 2002
>If you have central applications what I'd suggest doing is getting
>both 3des and des session key tickets at the same timewhen a new
>client kinits.
Hm, well, that seems like it could work. Is there a way to do that?
I mean, I thought you could only have one session key per ticket.
>I'd also consider moving towards shared libraries for krb5.
Uh, I do. That doesn't help when:
- The shared library version number changes (libkrb5 went from 1.0 to 3.1)
- The libraries change names (libcrypto went to libk5crypto)
- The API changes (old crypto versus new crypto).
--Ken
More information about the krbdev
mailing list