[19333] in Kerberos

default_tgs_enctypes confusion

daemon@ATHENA.MIT.EDU (Jason C. Wells)
Thu May 29 22:10:33 2003

From: "Jason C. Wells" <jcwells1@highperformance.net>
Date: Thu, 29 May 2003 19:03:43 -0700
Message-ID: <Pine.BSF.4.44.0305291838000.5533-100000@s1.stradamotorsports.com>
To: kerberos@MIT.EDU
Errors-To: kerberos-bounces@mit.edu

The man page for krb5.conf states that default_tgs_enctypes is a list of
session key encryption types that should be returned by the KDC.  Also,
default_tkt_enctypes is a list of session key encryption types that should
be requested by the client.

So, if I omit an encryption type, then I am not requesting that encryption
type.  Right?

When I delete completely des3-hmac-sha1 from my krb5.conf and get a new
TGT, I still get a des3-hmac-sha1 encryption type on my TGT.

How is this possible?

D:\>klist -e
Ticket cache: API:krb5cc
Default principal: ldsflkskdjf@STRADAMOTORSPORTS.COM

Valid starting     Expires            Service principal
05/29/03 18:49:34  05/30/03 04:49:34  krbtgt/STRADAMOTORSPORTS.COM@STRADAMOTORSPORTS.COM
        Etype (skey, tkt): DES cbc mode with CRC-32, Triple DES cbc mode with HMAC/sha1

TIA,
Jason C. Wells

(BTW, I did not realize this group was gatewayed to a mailing list.  I can
understand why a person who uses the mailing list would be put off by a
fake email address.  My apologies to any who got a bounced message from
me.  I thought this was just a newsgroup.  The address I am using now is
real.)

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
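
Added example, not part of the original message: a parser for the klist -e output quoted above that separates the two values on the "Etype (skey, tkt)" line and checks each against a client enctype list. The client list ["des-cbc-crc"] and all function names are assumptions, since the message does not show what remained in krb5.conf.

```python
import re

# Description strings as printed in the klist output quoted in the message,
# mapped to krb5.conf enctype names. Only the two seen on the page are listed.
DESCRIPTION_TO_ENCTYPE = {
    "DES cbc mode with CRC-32": "des-cbc-crc",
    "Triple DES cbc mode with HMAC/sha1": "des3-hmac-sha1",
}

# Sample input: the klist -e output from the message, wrapped mid-line the way
# mail transport often leaves it.
KLIST_OUTPUT = """\
Valid starting     Expires            Service principal
05/29/03 18:49:34  05/30/03 04:49:34
krbtgt/STRADAMOTORSPORTS.COM@STRADAMOTORSPORTS.COM
        Etype (skey, tkt): DES cbc mode with CRC-32, Triple DES cbc mode
with HMAC/sha1
"""

# Assumption: the message does not show what was left in krb5.conf.
CLIENT_ENCTYPES = ["des-cbc-crc"]

ENTRY = re.compile(
    r"(\S+@\S+) Etype \(skey, tkt\): (.+?), (.+?)(?= \d\d/\d\d/\d\d |$)"
)

def parse_etypes(klist_text):
    """Return (service, session_key_desc, ticket_desc) for each cache entry."""
    flat = " ".join(klist_text.split())  # undo line wrapping
    return [m.groups() for m in ENTRY.finditer(flat)]

def check_against_client_list(klist_text, client_enctypes):
    """Report whether each half of the Etype pair is in the client's list.

    The session key is negotiated from the list the client sends. The ticket
    is encrypted by the KDC in the service principal's key (krbtgt here).
    """
    report = []
    for service, skey_desc, tkt_desc in parse_etypes(klist_text):
        skey = DESCRIPTION_TO_ENCTYPE.get(skey_desc, skey_desc)
        tkt = DESCRIPTION_TO_ENCTYPE.get(tkt_desc, tkt_desc)
        report.append({"service": service, "session_key": skey, "ticket": tkt,
                       "session_key_in_list": skey in client_enctypes,
                       "ticket_in_list": tkt in client_enctypes})
    return report

if __name__ == "__main__":
    for row in check_against_client_list(KLIST_OUTPUT, CLIENT_ENCTYPES):
        print(row)
```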