[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: More kpasswd woes.

At 3:06 PM -0800 3/5/04, Alf Wachsmann wrote:
>On Fri, 5 Mar 2004, Henry B. Hotz wrote:
>>  The Solaris SEAM kpasswd command and the Heimdal kpasswd seem to
>>  work.  They change the password without error, but the resulting keys
>>  are like this:
>>  Keytypes(salttype[(salt-value)]): des3-cbc-sha1(pw-salt),
>>  des-cbc-md5(pw-salt), des-cbc-md4(pw-salt), des-cbc-crc(pw-salt)
>>  which works fine with kinit, but not with good old AFS klog.
>>  [ snip ]
>>  [kadmin]
>>           default_keys = des3:pw-salt v4
>This "default_keys" definition is the problem.
>The following works for our AFS cell "slac.stanford.edu":
>   default_keys = v4 des:afs3-salt:slac.stanford.edu
>You need to explicitly put your AFS cell name as the salt in there.

That seems entirely reasonable, but it doesn't explain why kpasswd 
does something different from kadmin/cpw.  Structurally that entry 
appears to only affect kadmin, while my problem is with kpasswd.
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu