[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 0.1m: krb4 is krb4, krb5 is krb5, never the twain shall meet?
>| But that doesn't make any sense. In reality, the _enctype_ is the
>| same between AFS, V4, and V5 ... it's the salt algorithm that changes.
>Not true. Enctypes, according to the code, are e.g. "des-cbc-crc"; the
>problem is that krb5 authentication doesn't work unless there is a
>(krb5-specific) des3-cbc-sha1 key defined. The enctype *is* the same
>for AFS and krb4, however.
Ah, okay, this sounds like a Heimdal-specific thing. Certainly we've
been using V5 with des-cbc-crc for years.
>The krb5 auth code appears to try the default salt first, then the AFS
Hmmm, the MIT code supports a preauth mechanism to communicate back the
salt algorithm being used.