password server does not generate key types specified by supported_enctypes

Vinayak Hegde hvinayak at novell.com
Fri Jun 9 10:06:11 EDT 2006


Hi,
I have a concern with respect to the key types generated by the password
server while servicing a change password request. The password server
does not generate the key types specified by the supported_enctypes tag of
the realms section in the kdc.conf file.

To explain the problem, if there is a principal "princ1" with the
aes256-cts and rc4-hmac encryption types (the same types are mentioned in
the supported_enctypes tag of kdc.conf), on changing the password using
kpasswd, it will generate keys of type des3-hmac-sha1 and des-cbc-crc.

I was working on the MIT Kerberos and Samba integration, to enable
MIT Kerberos to interpret the sambaNTPassword attribute of Samba 3.x (only
possible when both MIT Kerberos and Samba are using the same search base
in the LDAP directory tree) as the rc4-hmac key. And while doing so, I came
across the above issue.

Is there a work-around for the above problem?

Cheers,
Vinayak
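
An added example, not part of the original post and not MIT Kerberos code: a check for the mismatch described above, comparing a realm's supported_enctypes in kdc.conf with the key types listed for a principal after a password change. The realm name, the sample kdc.conf, and the `Key: vno N, <enctype>` listing format are assumptions constructed for illustration.

```python
import re

# Enctype aliases accepted by MIT krb5, mapped to one canonical name each.
ALIASES = {
    "aes256-cts": "aes256-cts-hmac-sha1-96",
    "aes128-cts": "aes128-cts-hmac-sha1-96",
    "rc4-hmac": "arcfour-hmac",
    "des3-hmac-sha1": "des3-cbc-sha1",
}

def canon(name):
    name = name.strip().lower()
    return ALIASES.get(name, name)

def supported_enctypes(kdc_conf, realm):
    """Canonical enctypes from the realm's supported_enctypes (enctype:salt pairs)."""
    block = re.search(r"^\s*%s\s*=\s*\{(.*?)^\s*\}" % re.escape(realm),
                      kdc_conf, re.S | re.M)
    if not block:
        return set()
    tag = re.search(r"^\s*supported_enctypes\s*=\s*(.+)$", block.group(1), re.M)
    if not tag:
        return set()
    pairs = re.split(r"[\s,]+", tag.group(1).strip())
    return {canon(p.split(":")[0]) for p in pairs if p}

def principal_enctypes(key_listing):
    """Canonical enctypes from 'Key: vno N, <enctype>' lines (assumed format)."""
    return {canon(m.group(1))
            for m in re.finditer(r"^Key: vno \d+, ([^,\n]+)", key_listing, re.M)}

def compare(kdc_conf, realm, key_listing):
    want = supported_enctypes(kdc_conf, realm)
    have = principal_enctypes(key_listing)
    return {"unexpected": sorted(have - want), "missing": sorted(want - have)}

# Constructed sample input mirroring the case in the post.
KDC_CONF = """\
[realms]
    EXAMPLE.COM = {
        supported_enctypes = aes256-cts:normal rc4-hmac:normal
    }
"""
AFTER_KPASSWD = """\
Principal: princ1@EXAMPLE.COM
Key: vno 2, des3-cbc-sha1
Key: vno 2, des-cbc-crc
"""

if __name__ == "__main__":
    print(compare(KDC_CONF, "EXAMPLE.COM", AFTER_KPASSWD))
```

A non-empty "unexpected" list means the principal holds keys the realm configuration does not ask for; a non-empty "missing" list means the configured types were not generated.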