[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: more q's on multiple salted keys kaserver and afs
On Mon, 17 Jul 2000, Miroslav Ruda wrote:
> Leif Johansson wrote:
> > Well, I set up my NT box and rolled in Tramsarc NT client version 3.6 but
> > was unable to get tickets even after applying the patch which started this
> > thread. I set up my default_keys with v5 v4 and afs3-salt:<my cell> and
> > made a new principal for myself and verified using get --long that it did
> > indeed receive a set of afs3-salted keys.
> Similar observation here - we are running Heimdal KDC without mentioned patch.
> Users having v4 salt are able to get tokens with Transarc unix klog, heimdal
> kauth and Transarc NT klog client (ver. 3.4 and 3.5). Users having v5 salted
> key are not able to get tokens with Transarc NT klog.
> V4 salted keys are converted from v4 kth-krb kdc. V5 salted keys are new keys
> or keys with changed password. There is possibilty to disable usage of
> v5 salts ([kadmin] use_v4_salt = yes in kdc.conf) but we prefer to use
> v5 salted keys (to be able to use Windows 2000 as clients with
> I would sugest to patch kdc to support both v4 and v5 salt for des key.
The current stuff in CVS is so patched; Right now we have things set up to
use v4 and v5 salted keys as we long ago converted out AFS infrastructure
to use v4 salt instead of AFS.