[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Changes in kdc.conf in from version 0.7.2 to version 1.0.1
I have a heimdal KDC running on a Debian box, using version 0.7.2.
I'm interested in changing to 1.0.1 because of a number of problems
that have been solved, but I see two difficulties when I experiment
with the later version:
My old kdc.conf has the line
default_keys = v5 des3:pw-salt des:afs3-salt:<afscellname>
(with the AFS cell name in it, of course) but this doesn't
seem to be acceptable to the new heimdal. It objects to v5
with the message
kadmin: bad value for default_keys `v5': encryption type pw-salt not supported
but note that it does not object to the 'des3:pw-salt' keytype.
My other problem is that the old kdc creates by default enctypes
des-cbc-md5 des-cbc-md4 des-cbc-crc aes256-cts-hmac-sha1-96
while the new kdc has only
des3-cbc-sha1 des-cbc-md5 des-cbc-md4 des-cbc-crc
In other words, the support for aes256-cts-hmac-sha1-96 and
arcfour-hmac-md5 appears to have disappeared, even when I try to
add them explicitly to supported_enctypes. I don't see anything
in the documentation about either of these changes. Can anyone
explain what's the problem?