[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 0.1m: krb4 is krb4, krb5 is krb5, never the twain shall meet?
I didn't intend that last to be private, so I'm moving this back onto
On 2 Sep, Ken Hornstein wrote:
| >| While I'll confess to having not that much experiences with Heimdal, do
| >| you really have V4 keys in your database, or do you have AFS-salted keys?
| >AFS-salted, but in current versions of heimdal the salttype is
| >dissociated from the enctype. It is in this case the enctype that is
| >the problem.
| But that doesn't make any sense. In reality, the _enctype_ is the
| same between AFS, V4, and V5 ... it's the salt algorithm that changes.
Not true. Enctypes, according to the code, are e.g. "des-cbc-crc"; the
problem is that krb5 authentication doesn't work unless there is a
(krb5-specific) des3-cbc-sha1 key defined. The enctype *is* the same
for AFS and krb4, however.
| Sounds like either the KDC or the client isn't sending back the salt
| information to the client.
The krb5 auth code appears to try the default salt first, then the AFS
brandon s. allbery os/2,linux,solaris,perl firstname.lastname@example.org
system administrator kthkrb,heimdal,gnome,rt email@example.com
carnegie mellon / electrical and computer engineering kf8nh
We are Linux. Resistance is an indication that you missed the point.