[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: more q's on multiple salted keys kaserver and afs -- possible kdc bug?

> I would sugest to patch kdc to support both v4 and v5 salt for des key.
>                      Mirek Ruda

The patch in question supposedly adds all possible salts and non-salts for
all new keys (chpasswd or new principals) which is probably what you want.

However I have more information indicating a possible bug in kdc/kaserver
(or as usual in your truly :-). Exasperated I tried to remake myself with

	default_keys = des:pw-salt: afs3-salt:su.se

Then both the NT client and the transarc unix klog work! If I then redo 
myself with what I would consider the "right" set of keys/salts

	default_keys = v5 des:pw-salt: afs3-salt:su.se

then nothing works (except for arla klog and heimdal kauth which always seem 
to work). It would seem like kaserver picks the wrong des keys and only gets 
it right when there are no other keys to choose from... I'm sorry if this is
a bit confused ...

	MVH leifj