[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Setting enctype in tickets

To: heimdal-discuss@sics.se
Subject: Setting enctype in tickets
From: Daniel Kouril <kouril@ics.muni.cz>
Date: Fri, 5 Oct 2001 11:24:59 +0200
Sender: owner-heimdal-discuss@sics.se
User-Agent: Mutt/1.2.5i

Hi,
is it possible to get a service ticket with explicit encryption type? When I
use 'kgetcred -e des-cbc-crc host/<FQDN>@REALM>' then I get a ticket with
des-cbc-md5. Moreover, when I try '-e des-cbc-md[45]' the KDC complains about
not supported etypes.

After looking at the kgetcred source, I think two various types are mixed
there. If the -e parameter is used, the parsed value is stored in
in.session.keytype and the 'in' struct is later passed to the
krb5_get_credentials function. But the in.session.keytype field is expected to
carry a value of KEYTYPE (i.e. DES, DES3, ARCFOUR) not ENCTYPE. Unfortunately
enough, the domains of these two types are similar (e.g KEYTYPE_DES =
ETYPE_DES_CBC_CRC). This leads to weird results at least of the kgetcred
program. I think either the '-e' parameter should be changed or another
function allowing specification of enctype should be used.

regards
--
Daniel Kouril

Follow-Ups:
- Re: Setting enctype in tickets
  - From: joda@pdc.kth.se (Johan Danielsson)

Prev by Date: Re: MS kerb drafts
Next by Date: Re: MS kerb drafts
Prev by thread: Re: ftp -n requires password
Next by thread: Re: Setting enctype in tickets
Index(es):
- Date
- Thread