question: etypes and krb5key
Hi,
I am using heimdal + openldap and I would like to understand a question,
maybe two questions.
Well, heimdal is able to write all Principal information and Ticket
information to the ldap database. Thus I can create a new principal just
by adding a new entry in ldap.
dn: cn=teste@aaa.bbb.cc,ou=aaa,o=bbb,c=cc
objectClass: top
objectClass: person
objectClass: krb5Principal
objectClass: krb5KDCEntry
krb5PrincipalName: nssproxy@AAA.BBB.CC
krb5MaxLife: 86400
krb5MaxRenew: 604800
krb5KDCFlags: 126
cn: nssproxy@AAA.BBB.CC
sn: nssproxy@AAA.BBB.CC
userPassword:: e1NBU0x9bnNzcHJveHlATENDLlVGTUcuQlI=
krb5KeyVersionNumber: 1
krb5Key::MEagAwIBAaE/MD2gAwIBEKE2BDRA6r72yL61lRhzysoatu1WJAUHI0q93UDy2nGpv4LlEe1dvqJrIfDmsMFFrqgcl2hNB8lg
...
...
...
Looking at the manpage, there's a section 'etypes' that shows the valid
encryption types. When I try to add
default_etypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
the etypes that use hmac and aes don't work; I get the message
'encryption type des3-hmac-sha1 not supported' from kadmind. Does this
support really not exist?
And the other question is: how is the krb5key generated on the ldap server,
and how can I create this attribute without using kadmin or kpasswd?
Thanks for everything!
--
<+====================================================+>
.~. Gessy Caetano da Silva Júnior
/ v \ Laboratório de Computação Científica
/( )\ LCC/CENAPAD Tel: 3499-5389
^^-^^ Universidade Federal de Minas Gerais
GNU/Linux
<+====================================================+>