[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Default Principals AES Keys

To: John Harris <harris@ucdavis.edu>
Subject: Re: Default Principals AES Keys
From: Love Hörnquist Åstrand <lha@kth.se>
Date: Tue, 12 Apr 2005 18:26:04 +0200
Cc: heimdal-discuss@sics.se
In-Reply-To: <Pine.GSO.4.58.0504111543440.24286@tsurnami.ucdavis.edu> (JohnHarris's message of "Mon, 11 Apr 2005 15:47:31 -0700 (PDT)")
References: <Pine.GSO.4.58.0504111543440.24286@tsurnami.ucdavis.edu>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (berkeley-unix)


John Harris <harris@ucdavis.edu> writes:

> Greetings,
>
> I am having a nightmare of a time trying to get AES encryption to work for
> a normal TGT.  I can successfully make the master database stash key with:
>
> kstash -e aes128-cts-hmac-sha1-96
>
> I then use kadmin -l to init a REALM.  The default principal is made
> with the keys I specify in the config file, as are principals I make.
> However, I cannot seem to figure out how to get krbtgt/REALM to use AES.
> It only wants to make des and 3des types.
>
> Any ideas????

your [kamin]default_keys staza is wrong.

It should be

[kadmin]
	default_keys = aes256-cts-hmac-sha1-96:pw-salt
	default_keys = aes128-cts-hmac-sha1-96:pw-salt
        default_keys = des3-cbc-sha1:pw-salt
        default_keys = des-cbc-md5:pw-salt

You are missing the salting.

Love

PGP signature

Follow-Ups:
- Re: Default Principals AES Keys
  - From: John Harris <harris@ucdavis.edu>

References:
- Default Principals AES Keys
  - From: John Harris <harris@ucdavis.edu>

Prev by Date: Re: Safest DB modification to repeat.
Next by Date: Re: Cybersafe To Heimdal Transition
Prev by thread: Default Principals AES Keys
Next by thread: Re: Default Principals AES Keys
Index(es):
- Date
- Thread