[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: more q's on multiple salted keys kaserver and afs

On Fri, 14 Jul 2000, Brandon S. Allbery KF8NH wrote:

> On 07/14/00 13:49:55 +0200 Leif Johansson <leifj@it.su.se> wrote:
> +-----
> | 2. I am setting up an afs-cell and am sadly unable to get klog (or
> | klog.krb) to work with heimdal kdc w kaserver support -- getting
> |     "password incorrect". I think I need klog to work be able to get
> |     win32 transarc clients to play  nice (kauth/afslog works ok with
> |     afs3.6 on uni*es btw) ... I suspect the  problem is that my
> |     principals lack afs3 salted keys. How does that theory  sound?
> +--->8
> Correct; I had to patch our kadmind to force AFS3-salted passwords (which 
> patch will hopefully be obsoleted by Derrick's), as otherwise anyone who 
> changed their password lost the ability to use klog when the new password 
> ended up with pw-salt.

well, the problem isn't pw-salt per se, it's pw-salt with a salt that
isn't ""; mit v4 salt is the same as pw-salt for the algorithm but always
uses a salt string of "". klog will try the mit v4 salt.

but yes, what he said.