[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: More kpasswd woes.

To: Alf Wachsmann <alfw@slac.stanford.edu>
Subject: Re: More kpasswd woes.
From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Date: Fri, 5 Mar 2004 15:39:56 -0800
Cc: heimdal-discuss@sics.se
In-Reply-To: <Pine.LNX.4.58.0403051504080.963@iris01.slac.stanford.edu>
References: <p05210604bc6e849832b3@[137.78.212.225]><Pine.LNX.4.58.0403051504080.963@iris01.slac.stanford.edu>
Sender: owner-heimdal-discuss@sics.se

At 3:06 PM -0800 3/5/04, Alf Wachsmann wrote:
>On Fri, 5 Mar 2004, Henry B. Hotz wrote:
>>  The Solaris SEAM kpasswd command and the Heimdal kpasswd seem to
>>  work.  They change the password without error, but the resulting keys
>>  are like this:
>>
>>  Keytypes(salttype[(salt-value)]): des3-cbc-sha1(pw-salt),
>>  des-cbc-md5(pw-salt), des-cbc-md4(pw-salt), des-cbc-crc(pw-salt)
>>
>>  which works fine with kinit, but not with good old AFS klog.
>>  [ snip ]
>>  [kadmin]
>>           default_keys = des3:pw-salt v4
>
>This "default_keys" definition is the problem.
>
>The following works for our AFS cell "slac.stanford.edu":
>
>[kadmin]
>   default_keys = v4 des:afs3-salt:slac.stanford.edu
>
>You need to explicitly put your AFS cell name as the salt in there.

That seems entirely reasonable, but it doesn't explain why kpasswd 
does something different from kadmin/cpw.  Structurally that entry 
appears to only affect kadmin, while my problem is with kpasswd.
-- 
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

Follow-Ups:
- Re: More kpasswd woes.
  - From: Love <lha@stacken.kth.se>

References:
- More kpasswd woes.
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
- Re: More kpasswd woes.
  - From: Alf Wachsmann <alfw@slac.stanford.edu>

Prev by Date: Re: More kpasswd woes.
Next by Date: Re: "null" principal
Prev by thread: Re: More kpasswd woes.
Next by thread: Re: More kpasswd woes.
Index(es):
- Date
- Thread