KDC: upgrade to 3DES
ss488 at cornell.edu
Thu Apr 7 08:38:07 EDT 2005
Following are the answers for the Qs:
1) Did you rekey your principal (aka change your password?)
Yes. Following is the output of getprinc:
Key: vno 2, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 2, DES cbc mode with CRC-32, no salt
Key: vno 2, DES cbc mode with CRC-32, Version 4
2) Is your client restricting the requested enctypes in the krb5.conf file?
It does allow des3-hmac-sha1. Corresponding lines from krb5.conf:
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
3) Does the client you are using support 3DES?
Yes, I am using MIT kinit from krb51.3.4.
Thanks for your help
> shivakeshav santi wrote:
>> I am trying to upgrade the encryption type on the KDC to support
>> 3DES. I have made the relevant changes in krb5.conf and
>> :des3-hmac-sha1 des-cbc-crc)
>> But when I use kinit, I only get the tickets with single des.
>> Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode with CRC-32
>> Am I missing something?
>> Thank you for your help.
> Just a few questions for you to answer:
> Did you rekey your principal (aka change your password?)
> Is your client restricting the requested enctypes in the krb5.conf file?
> Does the client you are using support 3DES?
> Jeffrey Altman
Cornell Information Technologies
120 Maple Avenue
Ability may get you to the top, but only character will keep you there .....