
Re: more q's on multiple salted keys kaserver and afs



Leif Johansson wrote:
> Well, I set up my NT box and rolled in Transarc NT client version 3.6 but
> was unable to get tickets even after applying the patch which started this 
> thread. I set up my default_keys with v5 v4 and afs3-salt:<my cell> and 
> made a new principal for myself and verified using get --long that it did 
> indeed receive a set of afs3-salted keys.

Similar observation here - we are running the Heimdal KDC without the mentioned patch.
Users having a v4 salt are able to get tokens with Transarc unix klog, heimdal
kauth and Transarc NT klog client (ver. 3.4 and 3.5). Users having a v5 salted
key are not able to get tokens with Transarc NT klog.

V4 salted keys are converted from the v4 kth-krb kdc. V5 salted keys are new keys
or keys with a changed password. It is possible to disable the usage of
v5 salts ([kadmin] use_v4_salt = yes in kdc.conf) but we prefer to use
v5 salted keys (to be able to use Windows 2000 as clients with
preauthentication).

I would suggest patching the kdc to support both v4 and v5 salts for the des key.

                     Mirek Ruda
-- 

+--------------------------------------+------------------------------------+
| Miroslav Ruda, system administrator  | Institute of Computer Science      |
| Phone: +420 5 41512258               | Masaryk University                 |
| Fax:   +420 5 41212747               | Botanicka 68a                      |
| E-mail: ruda@ics.muni.cz             | 602 00 Brno                        |
| WWW: http://www.fi.muni.cz/~ruda     | Czech Republic                     |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~