[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bad encryption length, other problems with 0.5+



I've been upgrading to 0.5.x and have been hitting some snags.  Generally
0.5 on clients works ok, although password changing likes to insist on
"password incorrect".  Upgrading the KDC to anything 0.5 or after is a no-go
- clients when trying to kinit always get "Key size is incompatible with
encryption type", something which I see very sporadic reports of elsewhere -
http://www.stacken.kth.se/lists/heimdal-discuss/2002-10/msg00017.html
(I thought I saw this on a NetBSD mailing list a while back as well, but
can't find it now)

Without upgrading the KDC however I still hit other issues which may be
related, so it's easier to think about spelunking them first.  I have a
srvtab with zephyr/zephyr which works fine.  If I convert it to a keytab
with 0.5.1 or 0.4e ktutil and try to use it to 0.5.1 or 0.4e kinit, I get
"bad password". If, on the KDC running 0.4e I extract a keytab with kadmin
-l, kinit from 0.5.1 gives me "encryption key has bad length". 0.4e kinit,
however, is happy with it.  This is dependant on forcing des-cbc-crc,
des-cbc-md5 works "less well".

I'd appreciate any ideas on where to look for what might be going wrong.

-- 

..ooOO chris@chiappa.net              | My opinions are my own  OOoo..
..ooOO chris.chiappa@oracle.com       | and certainly not those OOoo..
..ooOO http://www.chiappa.net/~chris/ | of my employer          OOoo..