[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Patch to prevent krb5Key attrs in Samba LDAP entries

On Thu, 19 May 2005 13:03:06 +0200
Love Hörnquist Åstrand <lha@kth.se> wrote:

> Wont using
> 
> [kadmin]
>         default_keys = arcfour-hmac-md5:pw-salt
> 
> give you the behavior of the first delta ?

This gives me this error when I try to kinit:

	salt type 3 not supported

When have this in my krb5.conf

    [libdefaults]
        ticket_lifetime = 5h
        default_realm = CISE.UFL.EDU
        default_tkt_enctypes = arcfour-hmac-md5
        default_tgs_enctypes = arcfour-hmac-md5
        default_etypes = arcfour-hmac-md5
        default_keys = arcfour-hmac-md5
    (...)
    [kadmin]
        default_etypes = arcfour-hmac-md5
    
I can kinit just fine, but a password change with kadmin still gives
me 

     Keytypes:  des-cbc-md5(pw-salt), des-cbc-md4(pw-salt), 
                des-cbc-crc(pw-salt), aes256-cts-hmac-sha1-96(pw-salt), 
                des3-cbc-sha1(pw-salt), arcfour-hmac-md5(pw-salt)

This is with an unmodified heimdal install (snapshot 20050510).

If I can figure out how to use only the type 23 key with config files my
patch would not be necessary, and that'd be fine with me.

Jim