[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 0.1m: krb4 is krb4, krb5 is krb5, never the twain shall meet?

To: allbery@kf8nh.apk.net
Subject: Re: 0.1m: krb4 is krb4, krb5 is krb5, never the twain shall meet?
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Date: Thu, 02 Sep 1999 18:12:20 -0400
cc: heimdal-discuss@sics.se
In-reply-to: Your message of "Thu, 02 Sep 1999 17:28:02 EDT." <199909022128.RAA26849@speaker.kf8nh.apk.net>
Sender: owner-heimdal-discuss@sics.se

>|  But that doesn't make any sense.  In reality, the _enctype_ is the
>|  same between AFS, V4, and V5 ... it's the salt algorithm that changes.
>+--->8
>
>Not true.  Enctypes, according to the code, are e.g. "des-cbc-crc"; the
>problem is that krb5 authentication doesn't work unless there is a
>(krb5-specific) des3-cbc-sha1 key defined.  The enctype *is* the same
>for AFS and krb4, however.

Ah, okay, this sounds like a Heimdal-specific thing.  Certainly we've
been using V5 with des-cbc-crc for years.

>The krb5 auth code appears to try the default salt first, then the AFS
>salt.

Hmmm, the MIT code supports a preauth mechanism to communicate back the
salt algorithm being used.

--Ken

References:
- Re: 0.1m: krb4 is krb4, krb5 is krb5, never the twain shall meet?
  - From: <allbery@kf8nh.apk.net>

Prev by Date: Re: 0.1m: krb4 is krb4, krb5 is krb5, never the twain shall meet?
Next by Date: Re: Is Heimdal thread safe?
Prev by thread: Re: 0.1m: krb4 is krb4, krb5 is krb5, never the twain shall meet?
Next by thread: Re: 0.1m: krb4 is krb4, krb5 is krb5, never the twain shall meet?
Index(es):
- Date
- Thread