Re: Default Principals AES Keys
Greetings Love,
I tried the config change and it still didn't work for me (using four
separate [kadmin] default_keys entries). As long as I know though that it
should work, meaning that the krbtgt/REALM@REALM is supposed to be able to
have more than the 3 DES and DES3 keys, I can muddle through it.
I also have the weirdest thing with using kstash -e
aes256-cts-hmac-sha1-96 (instead of aes128)...it gives me a 'bad
encryption length' error. Running this on Solaris 9.
Thanks for your help and response. Very appreciated.
Sincerely,
John Harris
Campus Data Center Administrator
University of California, Davis
530-754-9534
On Tue, 12 Apr 2005, Love Hörnquist Åstrand wrote:
>
> John Harris <harris@ucdavis.edu> writes:
>
> > Greetings,
> >
> > I am having a nightmare of a time trying to get AES encryption to work for
> > a normal TGT. I can successfully make the master database stash key with:
> >
> > kstash -e aes128-cts-hmac-sha1-96
> >
> > I then use kadmin -l to init a REALM. The default principal is made
> > with the keys I specify in the config file, as are principals I make.
> > However, I cannot seem to figure out how to get krbtgt/REALM to use AES.
> > It only wants to make des and 3des types.
> >
> > Any ideas????
>
> Your [kadmin] default_keys stanza is wrong.
>
> It should be
>
> [kadmin]
> default_keys = aes256-cts-hmac-sha1-96:pw-salt
> default_keys = aes128-cts-hmac-sha1-96:pw-salt
> default_keys = des3-cbc-sha1:pw-salt
> default_keys = des-cbc-md5:pw-salt
>
> You are missing the salting.
>
> Love
>
>
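
Added example (not part of the original thread, and not Heimdal code): a small check that reads the [kadmin] section of a krb5.conf and reports default_keys entries with no salt type, the mistake pointed out in the reply above. The function names and the BROKEN sample are constructed for illustration; the accepted salt tokens (pw-salt, afs3-salt) and the v5/v4 shorthands are assumed from the Heimdal krb5.conf(5) description of default_keys.

```python
import re

# Assumption: salt types and shorthands as described in Heimdal krb5.conf(5).
SALT_TYPES = {"pw-salt", "afs3-salt"}
SHORTHAND = {"v5", "v4"}  # these already imply a salt


def kadmin_default_keys(conf_text):
    """Return every default_keys value found in the [kadmin] section."""
    values, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section == "kadmin" and "=" in line:
            key, _, val = line.partition("=")
            if key.strip() == "default_keys":
                values.extend(val.split())  # one line may carry several entries
    return values


def check_default_keys(conf_text):
    """Return (entry, problem) pairs for entries that lack a salt type."""
    findings = []
    for entry in kadmin_default_keys(conf_text):
        if entry in SHORTHAND:
            continue
        # Entry form is [etype:]salttype[:string]; salt type is field 1 or 2.
        if not any(p in SALT_TYPES for p in entry.split(":")[:2]):
            findings.append((entry, "no salt type (expected e.g. :pw-salt)"))
    return findings


# Constructed sample: enctypes listed without a salt type.
BROKEN = """
[kadmin]
    default_keys = aes256-cts-hmac-sha1-96
    default_keys = aes128-cts-hmac-sha1-96
    default_keys = des3-cbc-sha1:pw-salt
"""

if __name__ == "__main__":
    for entry, problem in check_default_keys(BROKEN):
        print(f"{entry}: {problem}")
```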