[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Changes in kdc.conf in from version 0.7.2 to version 1.0.1


On Thu, 2007-09-20 at 16:58 +0100, Dr A V Le Blanc wrote:
> I have a heimdal KDC running on a Debian box, using version 0.7.2.
> I'm interested in changing to 1.0.1 because of a number of problems
> that have been solved, but I see two difficulties when I experiment
> with the later version:
> My old kdc.conf has the line
>      default_keys = v5 des3:pw-salt des:afs3-salt:<afscellname>
>      kadmin: bad value for default_keys `v5': encryption type pw-salt not supported
> In other words, the support for aes256-cts-hmac-sha1-96 and
> arcfour-hmac-md5 appears to have disappeared, even when I try to
> add them explicitly to supported_enctypes.  I don't see anything
> in the documentation about either of these changes.  Can anyone
> explain what's the problem?

I've noticed the change as well. After some reading of the Heimdal
documentation I've found a solution that is ok for us:

        default_keys = aes256-cts-hmac-sha1-96:pw-salt arcfour-hmac-md5:pw-salt des3-cbc-sha1:pw-salt des-cbc-crc:afs3-salt:<cell name>

It only contains the strong v5 enc types and additionally an old v4
(afs) one. This one is needed to make klog work.


| Andreas Haupt             | E-Mail: andreas.haupt@desy.de
|  DESY Zeuthen             | WWW:    http://www-zeuthen.desy.de/~ahaupt
|  Platanenallee 6          | Phone:  +49/33762/7-7359
|  D-15738 Zeuthen          | Fax:    +49/33762/7-7216