password server do not generate key types specified by supported_enctypes
Sam Hartman
hartmans at MIT.EDU
Mon Jun 12 09:05:23 EDT 2006
>>>>> "Vinayak" == Vinayak Hegde <hvinayak at novell.com> writes:
>>>> On Fri, Jun 9, 2006 at 9:24 PM, in message
Vinayak> <tslslmeiaty.fsf at cz.mit.edu>, Sam Hartman
Vinayak> <hartmans at mit.edu> wrote:
>>>>>>> "Vinayak" == Vinayak Hegde <hvinayak at novell.com> writes:
>>
Vinayak> Hi, I have a concern with respect to the key types
Vinayak> generated by password server, while servicing a change
Vinayak> password request. The password server do not generate key
Vinayak> types specified by supported_enctypes tag of realms
Vinayak> section in kdc.conf file.
>> We do not see this ehavior although concerns about this have
>> been raised on the list when using the ldap backend so perhaps
>> it is an ldap- specific problem.
>>
Vinayak> It is not ldap-specific, as I see this problem in the
Vinayak> krb5-1.4.3 code, which is using db2
Vinayak> back-end. Additionally, create principal (create) and set
Vinayak> password (cpw) of kadmin function correctly (i. e.,
Vinayak> creates keys of type(s) specified in the
Vinayak> supported_enctypes tag of krb5.conf).
Let me confirm this. You are using kpasswd client to change the
password and you end up with keys different than supported_enctypes?
More information about the krbdev
mailing list