[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 0.1m: krb4 is krb4, krb5 is krb5, never the twain shall meet?

<allbery@kf8nh.apk.net> writes:
> Not true.  Enctypes, according to the code, are e.g. "des-cbc-crc"; the
> problem is that krb5 authentication doesn't work unless there is a
> (krb5-specific) des3-cbc-sha1 key defined.

That should not be the case and I know of people running Heimdal with
just DES keys so something else is rotten in the state of Denmark.

> The krb5 auth code appears to try the default salt first, then the AFS
> salt.

The KDC does send back the salt information, including the type and
the salt-string.