[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: windows interop
>> In other words, [the way I see it] rc4-hmac should unconditionally go
> IIRC the enctype is defined that way.
That is correct. So one can even strengthen the statement and say
"rc4-hmac *must* go unsalted," right?
> You're just asking that it be
> (accurately) reported that way in the PA-ENCTYPE-INFO.
Well, PA-ENCTYPE-INFO is not the only place where [non-existing in this
case] salt appears, it's exposed in PA-PW-SALT on wire and there is a
hint in 'get principal' in kadmin.
> Doesn't sound like a big deal to fix. Do you have a patch?
Well, I do have kludgy patch that omits it from PA-ENCTYPE-INFO (that's
how I could confirm what it takes to make XP negotiate rc4-hmac with
Heimdal), but I'd like to see consistency or at least consensus on how
to address this problem. As mentioned in previous post I reckon that
ideally database itself should be corrected (so that 'get principal'
shows 'archfour-hmac-md5(null)' or something), nor should key generation
procedure pass salt downstream for enc_type in question. Well, I realize
that it might be to much to ask... Cheers. A.