KDC: upgrade to 3DES
Shivakeshav Santi
ss488 at cornell.edu
Thu Apr 7 08:38:07 EDT 2005
Jeff,
Following are the answeres for the Qs:
1)did you rekey your principal (aka change your password?)
yes. Following is the output of getprinc :
Key: vno 2, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 2, DES cbc mode with CRC-32, no salt
Key: vno 2, DES cbc mode with CRC-32, Version 4
2)is your client restricting the requested enctypes in the krb5.conf file?
it does allow des3-hmac-sha1 . Corresponding lines from krb5.conf :
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
3)does the client you are using support 3DES?
yes,I am using MIT kinit from krb51.3.4 .
Thanks for your help
> shivakeshav santi wrote:
>
>> HI,
>>
>> I am trying to upgrade the encryption type on the KDC to support
>> 3DES. I have made the relevant changes in krb5.conf and
>> kdc.conf(supported_enctypes,
>> kdc_supported_enctypes,default_tgs_enctypes,default_tkt_enctypes
>> :des3-hmac-sha1 des-cbc-crc)
>>
>> But when I use kinit , I only get the tickets with single des.
>> Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode with CRC-32
>>
>> Am I missing something.
>>
>> Thank you for your help.
>
> Just a few questions for you to answer:
>
> did you rekey your principal (aka change your password?)
>
> is your client restricting the requested enctypes in the krb5.conf file?
>
> does the client you are using support 3DES?
>
> Jeffrey Altman
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
>
--
Shivakeshav Santi
Programmer Analyst/Senior
Cornell Information Technologies
120 Maple Avenue
Cornell University
Tel :6072551916(O)
Ability may get you to the top, but only character will keep you there .....
More information about the krbdev
mailing list