[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
0.1m: krb4 is krb4, krb5 is krb5, never the twain shall meet?
Having managed to get our kaserver.DB0 hprop'ed into a heimdal KDC, I
discovered that it "didn't work". I then ran out of time to look into
it until today, when I discovered the reason.
It seems that when krb4 or kaserver principals are hprop'ed over, they
get keys with krb4 enctypes. These keys cannot be used by krb5,
apparently: while I can still authenticate against heimdal's KDC with
krb4 utilities (kaserver is as yet untested), I cannot authenticate
as one of the transferred principals using heimdal's kinit --- or
kauth, or hprop, or anything else that want to use krb5-style
authentication. Principals added via "kadmin -l" get both krb4 and
krb5 enctypes, and work properly with both.
What would it take to get the transferred keys re-encoded with
des3-cbc-sha1 as well as with the krb4-compatible enctypes?
Preferably without having to change everyone's password (which also
brandon s. allbery os/2,linux,solaris,perl firstname.lastname@example.org
system administrator kthkrb,heimdal,gnome,rt email@example.com
carnegie mellon / electrical and computer engineering kf8nh
We are Linux. Resistance is an indication that you missed the point.