Re: Bad encryption length, other problems with 0.5+

[Aidan Cully <aidan@kublai.com>]

On Thu, Mar 27, 2003 at 07:16:02PM -0500, Brendan Cully wrote:
> On Friday, 28 March 2003 at 00:53, Love wrote:
> > Chris Chiappa <griffon+heimdal-discuss@snurgle.org> writes:
> > 
> > > I'd appreciate any ideas on where to look for what might be going wrong.
> > 
> > Dunno about the converting srvtab to keytab, but I think i remember having
> > the problem with 'Key size is incompatible with encryption type' when the
> > master-key was of some special type that made the key to be padded to a
> > larger size when encrypting it (kerberos encryption doesn't include length
> > since it not needed, its asn1 data inside, except its not true for this
> > case. 
> > 
> > "Key size is incompatible with encryption type" is the same error as
> > "encryption key has bad length", newer heimdal give diffrent error
> > messages. Can you put a breakpoint in krb5_crypto_init and check if the key
> > that is indeed too long compared the right keysize.
> > 
> > Johan, you remember any more of this and if hdb_unseal_keys_mkey() should
> > fix the keylength ?
> 
> I believe my brother posted a workaround for this several months ago:
> 
> http://www.stacken.kth.se/lists/heimdal-discuss/2002-10/msg00032.html

That's right, but I continued to have issues with kerberos that I
never got around to fixing since it was easier just to move to ssh
over telnet, and no one appeared to be interested anyway.

--aidan