[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Enabling arcfour on Heimdal-0.6.3/OpenBSD

As Love pointed out to me, in 0.6.x the default_keys entry is ignored  
for "add -r".

You can edit dumpfile entries and merge the changes back.  (Easier than  
it sounds.)

You can use add --random-password instead of add -r.  (Presume  
similarly for cpw as for add.)

You can upgrade to 0.7.x.

On Oct 10, 2005, at 7:37 AM, Love Hörnquist Åstrand wrote:

> Rogier Krieger <rkrieger@gmail.com> writes:
>> Dear list,
>> After a few days of trying and fiddling with the configuration, it
>> seems my KDC (Heimdal-0.6.3/OpenBSD, on OpenBSD 3.7) now generates RC4
>> keys (as well als the 3DES and DES keys) for my new principals.
>> However, I don't seem to be able to get my krbtgt/* and kadmin/*
>> principals to also obtain arcfour keys. This seems to be the case both
>> when using kadmin to init the realm and when trying to change the
>> principals in question.
> Changing the password for the entries should change the enctypes
> assositated with the principal. There are no way today to add new  
> enctypes
> except editing the dumpfiles. The dumpformat is documented in
> kadmin/dump-format.txt in the current snapshot tree, its not every  
> hard to
> add new keys.
> Love
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu