
question: etypes and krb5key



Hi,

I am using Heimdal + OpenLDAP and I would like to understand a question, 
maybe two questions.

Well, Heimdal is able to write all principal information and ticket 
information to the LDAP database. Thus I can create a new principal just 
by adding a new entry to LDAP.

dn: cn=teste@aaa.bbb.cc,ou=aaa,o=bbb,c=cc
objectClass: top
objectClass: person
objectClass: krb5Principal
objectClass: krb5KDCEntry
krb5PrincipalName: nssproxy@AAA.BBB.CC
krb5MaxLife: 86400
krb5MaxRenew: 604800
krb5KDCFlags: 126
cn: nssproxy@AAA.BBB.CC
sn: nssproxy@AAA.BBB.CC
userPassword:: e1NBU0x9bnNzcHJveHlATENDLlVGTUcuQlI=
krb5KeyVersionNumber: 1
krb5Key::MEagAwIBAaE/MD2gAwIBEKE2BDRA6r72yL61lRhzysoatu1WJAUHI0q93UDy2nGpv4LlEe1dvqJrIfDmsMFFrqgcl2hNB8lg
...
...
...

Looking at the manpage, there's a section 'etypes' that shows the valid 
encryption types. When I try to add

default_etypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5

the etypes that use hmac and aes don't work; I get the message 
'encryption type des3-hmac-sha1 not supported' from kadmind. Does this 
support really not exist?

And the other question is: how is the krb5key generated on the LDAP server, 
and how can I create this attribute without using kadmin or kpasswd?

Thanks for everything!

-- 
<+====================================================+>
      .~.    Gessy Caetano da Silva Júnior
     / v \   Laboratório de Computação Científica
    /(   )\  LCC/CENAPAD 	Tel: 3499-5389
     ^^-^^   Universidade Federal de Minas Gerais
   GNU/Linux 	      				  	
<+====================================================+>
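
The krb5Key value in the LDIF entry above is a DER-encoded structure; this added example (not part of the original post) decodes it with a minimal TLV reader to show the stored encryption type. The field names mkvno, key and salt follow Heimdal's hdb.asn1 Key type and, like the etype name table, are assumptions not stated in the post.

```python
import base64

# krb5Key value copied from the LDIF entry in the post above.
KRB5KEY_B64 = ("MEagAwIBAaE/MD2gAwIBEKE2BDRA6r72yL61lRhzysoatu1WJAUHI0q9"
               "3UDy2nGpv4LlEe1dvqJrIfDmsMFFrqgcl2hNB8lg")

# RFC 3961 / IANA encryption type numbers (subset, assumed name table).
ETYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
          17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
          23: "arcfour-hmac-md5"}

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Map tag -> value for the elements directly inside a constructed value."""
    out, pos = {}, 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out[tag] = val
    return out

def unwrap(value, expected_tag):
    """Read the single element inside an explicit tag and check its type."""
    tag, inner, _ = read_tlv(value, 0)
    if tag != expected_tag:
        raise ValueError(f"expected tag {expected_tag:#x}, got {tag:#x}")
    return inner

def parse_krb5key(b64):
    der = base64.b64decode(b64)
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    key = children(body)                     # [0] mkvno, [1] key, [2] salt
    enc = children(unwrap(key[0xA1], 0x30))  # [0] keytype, [1] keyvalue
    to_int = lambda b: int.from_bytes(b, "big", signed=True)
    etype = to_int(unwrap(enc[0xA0], 0x02))
    return {"mkvno": to_int(unwrap(key[0xA0], 0x02)) if 0xA0 in key else None,
            "etype": etype, "etype_name": ETYPES.get(etype, "unknown"),
            "key_len": len(unwrap(enc[0xA1], 0x04)), "has_salt": 0xA2 in key}
```

For the value in the post this reports mkvno 1, etype 16 (des3-cbc-sha1), a 52-byte key value and no salt field.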