[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: More kpasswd woes.

To: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Subject: Re: More kpasswd woes.
From: Alf Wachsmann <alfw@slac.stanford.edu>
Date: Fri, 5 Mar 2004 15:06:41 -0800 (PST)
Cc: heimdal-discuss@sics.se
In-Reply-To: <p05210604bc6e849832b3@[137.78.212.225]>
References: <p05210604bc6e849832b3@[137.78.212.225]>
Sender: owner-heimdal-discuss@sics.se

On Fri, 5 Mar 2004, Henry B. Hotz wrote:
> The Solaris SEAM kpasswd command and the Heimdal kpasswd seem to
> work.  They change the password without error, but the resulting keys
> are like this:
>
> Keytypes(salttype[(salt-value)]): des3-cbc-sha1(pw-salt),
> des-cbc-md5(pw-salt), des-cbc-md4(pw-salt), des-cbc-crc(pw-salt)
>
> which works fine with kinit, but not with good old AFS klog.
> [ snip ]
> [kadmin]
>          default_keys = des3:pw-salt v4

This "default_keys" definition is the problem.

The following works for our AFS cell "slac.stanford.edu":

[kadmin]
  default_keys = v4 des:afs3-salt:slac.stanford.edu

You need to explicitly put your AFS cell name as the salt in there.

-- Alf.

-----------------------------------------------------------------------
  Alf Wachsmann                       | e-mail: alfw@slac.stanford.edu
  SLAC Computing Service              | Phone:  +1-650-926-4802
  2575 Sand Hill Road, M/S 97         | FAX:    +1-650-926-3329
  Menlo Park, CA 94025, USA           | Office: Bldg. 50/323
-----------------------------------------------------------------------
                http://www.slac.stanford.edu/~alfw (PGP)
-----------------------------------------------------------------------

Follow-Ups:
- Re: More kpasswd woes.
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>

References:
- More kpasswd woes.
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>

Prev by Date: More kpasswd woes.
Next by Date: Re: More kpasswd woes.
Prev by thread: More kpasswd woes.
Next by thread: Re: More kpasswd woes.
Index(es):
- Date
- Thread