password server do not generate key types specified by supported_enctypes
Vinayak Hegde
hvinayak at novell.com
Wed Jun 14 04:12:28 EDT 2006
>>> On Mon, Jun 12, 2006 at 6:35 PM, in message
<tslslmay164.fsf at cz.mit.edu>, Sam
Hartman <hartmans at mit.edu> wrote:
>>>>>> "Vinayak" == Vinayak Hegde <hvinayak at novell.com> writes:
>
> >>>> On Fri, Jun 9, 2006 at 9:24 PM, in message
> Vinayak> <tslslmeiaty.fsf at cz.mit.edu>, Sam Hartman
> Vinayak> <hartmans at mit.edu> wrote:
> >>>>>>> "Vinayak" == Vinayak Hegde <hvinayak at novell.com> writes:
> >>
> Vinayak> Hi, I have a concern with respect to the key types
> Vinayak> generated by password server, while servicing a change
> Vinayak> password request. The password server do not generate
key
> Vinayak> types specified by supported_enctypes tag of realms
> Vinayak> section in kdc.conf file.
> >> We do not see this ehavior although concerns about this have
> >> been raised on the list when using the ldap backend so
perhaps
> >> it is an ldap- specific problem.
> >>
>
> Vinayak> It is not ldap- specific, as I see this problem in the
> Vinayak> krb5- 1.4.3 code, which is using db2
> Vinayak> back- end. Additionally, create principal (create) and
set
> Vinayak> password (cpw) of kadmin function correctly (i. e.,
> Vinayak> creates keys of type(s) specified in the
> Vinayak> supported_enctypes tag of krb5.conf).
>
>
> Let me confirm this. You are using kpasswd client to change the
> password and you end up with keys different than supported_enctypes?
Yes. That's correct.
Cheers,
Vinayak
More information about the krbdev
mailing list