[19131] in Kerberos
Re: key salting and kerberos v5
daemon@ATHENA.MIT.EDU (Sam Hartman)
Sun Apr 27 19:55:42 2003
To: cryos98@yahoo.com (Calimer0)
From: Sam Hartman <hartmans@MIT.EDU>
Date: Sun, 27 Apr 2003 19:54:59 -0400
In-Reply-To: <3e217f40.0304271539.c448335@posting.google.com>
(cryos98@yahoo.com's message of "27 Apr 2003 16:39:00 -0700")
Message-ID: <tslk7dfjy24.fsf@konishi-polis.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu
>>>>> "Calimer0" == Calimer0 <cryos98@yahoo.com> writes:
Calimer0> from kerberos FAQ 2.0:
>> In Kerberos 5 the complete principal name (including the realm)
>> is used as the salt
Calimer0> but listing principals properties with kadmin what I see
Calimer0> is:
Calimer0> [...] Key: vno 1, triple DES cbc mode with HMAC/sha1,
Calimer0> no salt Key: vno 1, DES cbc mode with CRC-32, no salt
Calimer0> [...]
Calimer0> I thought that key salting was the default behaviour,
It is. Kadmin should really say default salt not no salt. That's
what it actually means.
It says no salt because there is no salt tuple associated with the key
entry. When no such tuple exists, then the default salt is used.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
