Re: Default Principals AES Keys

Greetings Love,

I tried the config change and it still didn't work for me (using four
separate [kadmin] default_keys entries).  As long as I know though that it
should work, meaning that the krbtgt/REALM@REALM is supposed to be able to
have more than the 3 DES and DES3 keys, I can muddle through it.

I also have the weirdest thing with using kstash -e
aes256-cts-hmac-sha1-96 (instead of aes128)...it gives me a 'bad
encryption length' error.  Running this on Solaris 9.

Thanks for your help and response.  Very appreciated.


John Harris
Campus Data Center Administrator
University of California, Davis

On Tue, 12 Apr 2005, Love Hörnquist Åstrand wrote:

> John Harris <harris@ucdavis.edu> writes:
> > Greetings,
> >
> > I am having a nightmare of a time trying to get AES encryption to work for
> > a normal TGT.  I can successfully make the master database stash key with:
> >
> > kstash -e aes128-cts-hmac-sha1-96
> >
> > I then use kadmin -l to init a REALM.  The default principal is made
> > with the keys I specify in the config file, as are principals I make.
> > However, I cannot seem to figure out how to get krbtgt/REALM to use AES.
> > It only wants to make des and 3des types.
> >
> > Any ideas????
> your [kadmin]default_keys stanza is wrong.
> It should be
> [kadmin]
>         default_keys = aes256-cts-hmac-sha1-96:pw-salt
>         default_keys = aes128-cts-hmac-sha1-96:pw-salt
>         default_keys = des3-cbc-sha1:pw-salt
>         default_keys = des-cbc-md5:pw-salt
> You are missing the salting.
> Love