[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 0.1m: krb4 is krb4, krb5 is krb5, never the twain shall meet?

>|  But that doesn't make any sense.  In reality, the _enctype_ is the
>|  same between AFS, V4, and V5 ... it's the salt algorithm that changes.
>Not true.  Enctypes, according to the code, are e.g. "des-cbc-crc"; the
>problem is that krb5 authentication doesn't work unless there is a
>(krb5-specific) des3-cbc-sha1 key defined.  The enctype *is* the same
>for AFS and krb4, however.

Ah, okay, this sounds like a Heimdal-specific thing.  Certainly we've
been using V5 with des-cbc-crc for years.

>The krb5 auth code appears to try the default salt first, then the AFS

Hmmm, the MIT code supports a preauth mechanism to communicate back the
salt algorithm being used.