[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: more q's on multiple salted keys kaserver and afs
On Fri, 14 Jul 2000, Brandon S. Allbery KF8NH wrote:
> On 07/14/00 13:49:55 +0200 Leif Johansson <firstname.lastname@example.org> wrote:
> | 2. I am setting up an afs-cell and am sadly unable to get klog (or
> | klog.krb) to work with heimdal kdc w kaserver support -- getting
> | "password incorrect". I think I need klog to work be able to get
> | win32 transarc clients to play nice (kauth/afslog works ok with
> | afs3.6 on uni*es btw) ... I suspect the problem is that my
> | principals lack afs3 salted keys. How does that theory sound?
> Correct; I had to patch our kadmind to force AFS3-salted passwords (which
> patch will hopefully be obsoleted by Derrick's), as otherwise anyone who
> changed their password lost the ability to use klog when the new password
> ended up with pw-salt.
well, the problem isn't pw-salt per se, it's pw-salt with a salt that
isn't ""; mit v4 salt is the same as pw-salt for the algorithm but always
uses a salt string of "". klog will try the mit v4 salt.
but yes, what he said.