[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Changes in kdc.conf in from version 0.7.2 to version 1.0.1

I have a heimdal KDC running on a Debian box, using version 0.7.2.
I'm interested in changing to 1.0.1 because of a number of problems
that have been solved, but I see two difficulties when I experiment
with the later version:

My old kdc.conf has the line

     default_keys = v5 des3:pw-salt des:afs3-salt:<afscellname>

(with the AFS cell name in it, of course) but this doesn't
seem to be acceptable to the new heimdal.  It objects to v5
with the message

     kadmin: bad value for default_keys `v5': encryption type pw-salt not supported

but note that it does not object to the 'des3:pw-salt' keytype.

My other problem is that the old kdc creates by default enctypes

     des-cbc-md5 des-cbc-md4 des-cbc-crc aes256-cts-hmac-sha1-96
     arcfour-hmac-md5 des3-cbc-sha1 

while the new kdc has only

     des3-cbc-sha1 des-cbc-md5 des-cbc-md4 des-cbc-crc 

In other words, the support for aes256-cts-hmac-sha1-96 and
arcfour-hmac-md5 appears to have disappeared, even when I try to
add them explicitly to supported_enctypes.  I don't see anything
in the documentation about either of these changes.  Can anyone
explain what's the problem?

     -- Owen