Re: Changes in kdc.conf in from version 0.7.2 to version 1.0.1
On Thu, 2007-09-20 at 16:58 +0100, Dr A V Le Blanc wrote:
> I have a heimdal KDC running on a Debian box, using version 0.7.2.
> I'm interested in changing to 1.0.1 because of a number of problems
> that have been solved, but I see two difficulties when I experiment
> with the later version:
> My old kdc.conf has the line
> default_keys = v5 des3:pw-salt des:afs3-salt:<afscellname>
> kadmin: bad value for default_keys `v5': encryption type pw-salt not supported
> In other words, the support for aes256-cts-hmac-sha1-96 and
> arcfour-hmac-md5 appears to have disappeared, even when I try to
> add them explicitly to supported_enctypes. I don't see anything
> in the documentation about either of these changes. Can anyone
> explain what's the problem?
I've noticed the change as well. After some reading of the Heimdal
documentation I've found a solution that is ok for us:
default_keys = aes256-cts-hmac-sha1-96:pw-salt arcfour-hmac-md5:pw-salt des3-cbc-sha1:pw-salt des-cbc-crc:afs3-salt:<cell name>
It only contains the strong v5 enc types and additionally an old v4
(afs) one. This one is needed to make klog work.
| Andreas Haupt | E-Mail: firstname.lastname@example.org
| DESY Zeuthen | WWW: http://www-zeuthen.desy.de/~ahaupt
| Platanenallee 6 | Phone: +49/33762/7-7359
| D-15738 Zeuthen | Fax: +49/33762/7-7216
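
Added example (not part of the message above and not Heimdal code): a small Python check that splits a default_keys line in the enctype:salttype[:salt] form used in this thread and reports shorthand entries, along with enctypes that were later deprecated by RFC 6649 and RFC 8429. The function name, the enctype table (limited to names that appear in the thread) and the example.org cell name are assumptions made for illustration.

```python
# Added example: audits a default_keys line in the enctype:salttype[:salt]
# form used in this thread. Illustrative only, not Heimdal's own parser.

# Enctype names that appear in the thread, mapped to the RFC that later
# deprecated them (None = not deprecated). Not Heimdal's full enctype table.
ENCTYPES = {
    "aes256-cts-hmac-sha1-96": None,
    "arcfour-hmac-md5": "RFC 8429",
    "des3-cbc-sha1": "RFC 8429",
    "des-cbc-crc": "RFC 6649",
}
SALT_TYPES = {"pw-salt", "afs3-salt"}  # salt types seen in the thread


def audit_default_keys(line):
    """Return one finding dict per whitespace-separated entry."""
    key, sep, value = line.partition("=")
    if not sep or key.strip() != "default_keys":
        raise ValueError("expected a 'default_keys = ...' line")
    findings = []
    for token in value.split():
        enctype, _, rest = token.partition(":")
        salttype, _, salt = rest.partition(":")
        issues = []
        if not rest:
            issues.append("shorthand: no explicit enctype:salttype pair")
        elif enctype not in ENCTYPES:
            issues.append("enctype name not in this script's table")
        if rest and salttype not in SALT_TYPES:
            issues.append("unknown salt type")
        if ENCTYPES.get(enctype):
            issues.append("deprecated by " + ENCTYPES[enctype])
        findings.append({"entry": token, "enctype": enctype,
                         "salttype": salttype or None, "salt": salt or None,
                         "issues": issues})
    return findings


# The two lines quoted in the thread; "example.org" is a constructed cell name
# standing in for the <afscellname> / <cell name> placeholders.
OLD = "default_keys = v5 des3:pw-salt des:afs3-salt:example.org"
NEW = ("default_keys = aes256-cts-hmac-sha1-96:pw-salt arcfour-hmac-md5:pw-salt "
       "des3-cbc-sha1:pw-salt des-cbc-crc:afs3-salt:example.org")

if __name__ == "__main__":
    for label, line in (("old", OLD), ("new", NEW)):
        for f in audit_default_keys(line):
            print(label, f["entry"], "->", "; ".join(f["issues"]) or "ok")
```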