[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Deleting only some salt types

To: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Subject: Re: Deleting only some salt types
From: Love <lha@stacken.kth.se>
Date: Sun, 13 Feb 2005 16:40:25 +0100
Cc: heimdal-discuss@sics.se
In-Reply-To: <cb5c705791ca4e21a1fafb96a4bbe0c5@jpl.nasa.gov> (Henry B.Hotz's message of "Thu, 10 Feb 2005 15:59:47 -0800")
References: <cb5c705791ca4e21a1fafb96a4bbe0c5@jpl.nasa.gov>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (berkeley-unix)

"Henry B. Hotz" <hotz@jpl.nasa.gov> writes:

> The application is a cross-realm trust with Windows AD, and I don't
> know that this is the problem, but. . .
>
> Is there a way to delete specific salts within an encryption type?  I
> did a normal add for the krbtgt's with a password I can then type into
> Windows.  Then deleted all the encryption types except des-cbc-md5,
> and  changed the kvno back to 1.

No, there is no way to delete a specific salt + enctype, just enctype.

I usully change the [kdc]\ndefault_keys= line on the kdc when doing stuff
like this. 

> I still have two keys though, one with the normal pw-salt(), and
> another with an afs3 salt which I'm sure Windows hasn't a clue about.
> (Hmmm.  Should be both v4 and v5 salts as well as afs3?  Different
> issue.)

Windows does have problems with v4 salted password, I think its fixed, but
not released yet. You really don't need to keep afs3 salted keys around,
klog also tries v4 s2k since about 10 years ago or so.

Love

PGP signature

Follow-Ups:
- Re: Deleting only some salt types
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>

References:
- Deleting only some salt types
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>

Prev by Date: Re: Compiling heimdal+pkinit in a Debian sid
Next by Date: Re: Using GSSAPI without implicit static/global variables
Prev by thread: Deleting only some salt types
Next by thread: Re: Deleting only some salt types
Index(es):
- Date
- Thread