Multiple ETYPE-INFO-ENTRY with same etype but different salts
Henry B. Hotz
hotz at jpl.nasa.gov
Tue Jul 19 22:39:29 EDT 2011
On Jul 18, 2011, at 7:05 AM, krbdev-request at mit.edu wrote:
>> I would expect the des-cbc-md5:normal to result in an etype-info2 entry
>> with no specified salt (which means the default salt). I don't know why
>> Java isn't choosing this entry.
>
> As I said, we skip entry with an empty salt.
>
> We will fix our problem. My last question would be: so the customer has no workaround now on their KDC side?
The customer could follow current recommended practice and stop using Kerberos 4 and single-DES. ;-) ;-)
(You can preserve single-des keys for the AFS service even if you strip them out of everything else.)
------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
More information about the krbdev
mailing list