[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Enabling arcfour on Heimdal-0.6.3/OpenBSD
As Love pointed out to me, in 0.6.x the default_keys entry is ignored
for "add -r".
You can edit dumpfile entries and merge the changes back. (Easier than
it sounds.)
You can use add --random-password instead of add -r. (Presume
similarly for cpw as for add.)
You can upgrade to 0.7.x.
On Oct 10, 2005, at 7:37 AM, Love Hörnquist Åstrand wrote:
>
> Rogier Krieger <rkrieger@gmail.com> writes:
>
>> Dear list,
>>
>> After a few days of trying and fiddling with the configuration, it
>> seems my KDC (Heimdal-0.6.3/OpenBSD, on OpenBSD 3.7) now generates RC4
>> keys (as well als the 3DES and DES keys) for my new principals.
>>
>> However, I don't seem to be able to get my krbtgt/* and kadmin/*
>> principals to also obtain arcfour keys. This seems to be the case both
>> when using kadmin to init the realm and when trying to change the
>> principals in question.
>
> Changing the password for the entries should change the enctypes
> assositated with the principal. There are no way today to add new
> enctypes
> except editing the dumpfiles. The dumpformat is documented in
> kadmin/dump-format.txt in the current snapshot tree, its not every
> hard to
> add new keys.
>
> Love
------------------------------------------------------------------------
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu