
Re: MIT-Heimdal interop issues



On Sun, 2004-07-25 at 01:22, Sam Hartman wrote:
> >>>>> "Kevin" == Kevin Coffman <kwc@citi.umich.edu> writes:
> 
>     Kevin> Ignore me.  I wasn't restarting my client between changes
>     Kevin> of krb5.conf.  After restarting the client, it seems to be
>     Kevin> honoring the config file options and negotiating a
>     Kevin> des-cbc-crc service ticket.
> 
> It's really kind of unfortunate that your kernel module does not
> support des-cbc-md4.  Asking people to change their krb5.confs is
> unacceptable from an administration standpoint, because they won't
> remember to remove the changes when their site starts supporting 3des
> or aes.
> 
> 
> Unfortunately your module seems to be the only thing that doesn't
> support des-cbc-md4.

More of a worry to me is the lack of support for rc4-hmac-md5.  Sites
playing with Samba/Heimdal integration, and sites using Active Directory
often simply have no other keytypes reliably available!

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
