[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Which key type gets selected?

"Henry B. Hotz" <hotz@jpl.nasa.gov> writes:

> Suppose an as-req-equivalent comes in and it's restricted to, say,
> des-cbc-crc.
> Suppose you have three of those keys in the DB.  One each with the V4
> salt, the AFS salt, and the V5 salt.
> Which one gets returned?
> Obviously you would *like* it to return the V4 one if it's a K4
> request, the AFS one if its a kaserver request (rx over 7004), and
> you'd like it to return the V5 one if it's a K5 request.  I don't
> offhand see how the code decides.  I'd also like to trace what the
> backup is if one of the types is missing.

Yes, that is how it works. The v4 and kaserver code preferer their "own"
salt-types, see get_des_key() in kdc/kerberos4.c


PGP signature