[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: more q's on multiple salted keys kaserver and afs

To: heimdal-discuss@sics.se
Subject: Re: more q's on multiple salted keys kaserver and afs
From: Derrick J Brashear <shadow@dementia.org>
Date: Fri, 14 Jul 2000 11:00:51 -0400 (EDT)
In-Reply-To: <11620000.963578280@tully>
Sender: owner-heimdal-discuss@sics.se

On Fri, 14 Jul 2000, Brandon S. Allbery KF8NH wrote:

> On 07/14/00 13:49:55 +0200 Leif Johansson <leifj@it.su.se> wrote:
> +-----
> | 2. I am setting up an afs-cell and am sadly unable to get klog (or
> | klog.krb) to work with heimdal kdc w kaserver support -- getting
> |     "password incorrect". I think I need klog to work be able to get
> |     win32 transarc clients to play  nice (kauth/afslog works ok with
> |     afs3.6 on uni*es btw) ... I suspect the  problem is that my
> |     principals lack afs3 salted keys. How does that theory  sound?
> +--->8
> 
> Correct; I had to patch our kadmind to force AFS3-salted passwords (which 
> patch will hopefully be obsoleted by Derrick's), as otherwise anyone who 
> changed their password lost the ability to use klog when the new password 
> ended up with pw-salt.

well, the problem isn't pw-salt per se, it's pw-salt with a salt that
isn't ""; mit v4 salt is the same as pw-salt for the algorithm but always
uses a salt string of "". klog will try the mit v4 salt.

but yes, what he said.

-D

References:
- Re: more q's on multiple salted keys kaserver and afs
  - From: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>

Prev by Date: Re: more q's on multiple salted keys kaserver and afs
Next by Date: Re: more q's on multiple salted keys kaserver and afs
Prev by thread: Re: more q's on multiple salted keys kaserver and afs
Next by thread: uw-imapd gssapi support and heimdal
Index(es):
- Date
- Thread