[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: more q's on multiple salted keys kaserver and afs -- possible kdc bug?
> I would sugest to patch kdc to support both v4 and v5 salt for des key.
> Mirek Ruda
The patch in question supposedly adds all possible salts and non-salts for
all new keys (chpasswd or new principals) which is probably what you want.
However I have more information indicating a possible bug in kdc/kaserver
(or as usual in your truly :-). Exasperated I tried to remake myself with
default_keys = des:pw-salt: afs3-salt:su.se
Then both the NT client and the transarc unix klog work! If I then redo
myself with what I would consider the "right" set of keys/salts
default_keys = v5 des:pw-salt: afs3-salt:su.se
then nothing works (except for arla klog and heimdal kauth which always seem
to work). It would seem like kaserver picks the wrong des keys and only gets
it right when there are no other keys to choose from... I'm sorry if this is
a bit confused ...