[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 0.1m: krb4 is krb4, krb5 is krb5, never the twain shall meet?
On 13 Sep, Assar Westerlund wrote:
| <firstname.lastname@example.org> writes:
| > Not true. Enctypes, according to the code, are e.g. "des-cbc-crc"; the
| > problem is that krb5 authentication doesn't work unless there is a
| > (krb5-specific) des3-cbc-sha1 key defined.
| That should not be the case and I know of people running Heimdal with
| just DES keys so something else is rotten in the state of Denmark.
Hm. I was getting AFS and krb4 authentication fine, but krb5 kinit
gave "Password incorrect" for all the transferred principals I tested.
If I created a new principal, it worked fine for all three
| > The krb5 auth code appears to try the default salt first, then the AFS
| > salt.
| The KDC does send back the salt information, including the type and
| the salt-string.
I know, but I saw an extra attempt with a forced salt --- I think it
was the AFS salt, but I'm not absolutely certain --- in the code I
traced through while trying to figure this out.
brandon s. allbery os/2,linux,solaris,perl email@example.com
system administrator kthkrb,heimdal,gnome,rt firstname.lastname@example.org
carnegie mellon / electrical and computer engineering kf8nh
We are Linux. Resistance is an indication that you missed the point.