password server do not generate key types specified by supported_enctypes

Vinayak Hegde hvinayak at novell.com
Mon Jun 12 08:24:35 EDT 2006


>>> On Fri, Jun 9, 2006 at 9:24 PM, in message
<tslslmeiaty.fsf at cz.mit.edu>, Sam Hartman <hartmans at mit.edu> wrote:
>>>>>> "Vinayak" == Vinayak Hegde <hvinayak at novell.com> writes:
> 
>     Vinayak> Hi, I have a concern with respect to the key types
>     Vinayak> generated by password server, while servicing a change
>     Vinayak> password request. The password server does not generate
>     Vinayak> key types specified by supported_enctypes tag of realms
>     Vinayak> section in kdc.conf file.
> We do not see this behavior although concerns about this have been
> raised on the list when using the ldap backend so perhaps it is an
> ldap-specific problem.
> 

It is not ldap-specific, as I see this problem in the krb5-1.4.3 code,
which is using db2 back-end. Additionally, create principal (create) and
set password (cpw) of kadmin function correctly (i.e., create keys of
type(s) specified in the supported_enctypes tag of krb5.conf).

I feel that the key types for that principal should be retained after
changing the password and can be considered for post-1.5 release.

> -- Sam

cheers,
Vinayak
