
aes256-cts-hmac-sha1-96 support in Heimdal 0.6.2



Hi,

I'm trying to use aes256-cts-hmac-sha1-96 keys with Heimdal in order to be
interoperable with MIT Kerberos, but I can't get it to work. I created a fresh
new principal with the proper keys (at least I hope so):

kadmin> get testing
               Principal: testing@RENTEC.COM
       Principal expires: never
        Password expires: never
    Last password change: never
         Max ticket life: 1 day
      Max renewable life: 1 week
                    Kvno: 1
                   Mkvno: 0
                  Policy: none
   Last successful login: never
       Last failed login: never
      Failed login count: 0
           Last modified: 2004-07-29 21:48:08 UTC
                Modifier: kuenne/admin@RENTEC.COM
              Attributes:
Keytypes(salttype[(salt-value)]): des3-cbc-sha1(pw-salt), des-cbc-md5(pw-salt), des-cbc-md4(pw-salt), des-cbc-crc(pw-salt), des3-cbc-md5(pw-salt), arcfour-hmac-md5(pw-salt), aes256-cts-hmac-sha1-96(pw-salt)


Now, if I try to kinit with an aes256 key I get:

% kinit -e aes256-cts-hmac-sha1-96 testing
testing@RENTEC.COM's Password:
kinit: krb5_get_init_creds: encryption key has bad length


And MIT Kerberos gives me:

% /products/kerberos/bin/kinit testing
Password for testing@RENTEC.COM:
kinit(v5): Password incorrect while getting initial credentials

which is even more confusing as I'm absolutely sure I typed the correct 
password.

This is with Heimdal 0.6.2 (client and server). So, what's the status of 
aes256-cts-hmac-sha1-96 support in Heimdal? Is it broken or am I doing 
something stupid? Or do I need a newer snapshot?


Karsten.