Re: aes256-cts-hmac-sha1-96 support in Heimdal 0.6.2
On Tuesday 03 August 2004 06:54, Love wrote:
> Karsten Künne <karsten.kuenne@desy.de> writes:
> > Hi,
> >
> > I try to use aes256-cts-hmac-sha1-96 keys with Heimdal in order to be
> > interoperable with MIT Kerberos but I can't get it to work. I created a
> > fresh new principal with the proper keys (at least I hope so):
>
> [...]
>
> > This is with Heimdal 0.6.2 (client and server). So, what's the status of
> > aes256-cts-hmac-sha1-96 support in Heimdal? Is it broken or am I doing
> > something stupid? Or do I need a newer snapshot?
>
> heimdal 0.6.x doesn't support AES, what version are you really running ?
>
> kinit --version/kdc --version
>
% /usr/heimdal/sbin/kdc --version
kdc (Heimdal 0.6.2)
Copyright 1999-2004 Kungliga Tekniska Högskolan
Send bug-reports to heimdal-bugs@pdc.kth.se
% kinit --version
kinit (Heimdal 0.6.2)
Copyright 1999-2004 Kungliga Tekniska Högskolan
Send bug-reports to heimdal-bugs@pdc.kth.se

But I compiled heimdal with the following flags:

CFLAGS=-xbuiltin=%all -xlibmil -xO2 -xtarget=ultra -xarch=v8plusa -mt
-D_REENTRANT -KPIC -DENABLE_AES=1

But it looks like I have to wait for 0.7 for AES support, right? I'll probably
try a snapshot but not for our production server for obvious reasons.
Fortunately, I can always force MIT to use 3DES and not AES and then it
interops fine with heimdal. But it's certainly nicer if it works
out-of-the-box without additional configuration.

Karsten.