[23656] in Kerberos

home help back first fref pref prev next nref lref last post

Re: netapp, nfs, kerberos, and ldap

daemon@ATHENA.MIT.EDU (Sam Hartman)
Wed Apr 6 14:37:01 2005

To: Mark Dieterich <mkd@cs.brown.edu>
From: Sam Hartman <hartmans@mit.edu>
Date: Wed, 06 Apr 2005 14:36:18 -0400
In-Reply-To: <20050406173634.GA12120@cs.brown.edu> (Mark Dieterich's message
 of "Wed, 6 Apr 2005 13:36:34 -0400")
Message-ID: <tsl64yz4usd.fsf@cz.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu

>>>>> "Mark" == Mark Dieterich <mkd@cs.brown.edu> writes:

    Mark> encryption.  I'm clearly missing something here.  I thought
    Mark> that kerberos would provide the least common denominator for
    Mark> encryption type, i.e. we could have our database be
    Mark> encrypted with des3-hmac-sha1, with des-cgc-crc encrypted
    Mark> tickets stored in it.  As long as all the tickets for a
    Mark> particular service are des-cgc-crc encrypted, the
    Mark> clients/servers would get des-cgc-crc encrypted tickets.
    Mark> Can you set me straight?


I thought the same thing.  If your service (nfs/hostname) has only a
des-cbc-crc key, then the ticket key and session key should both be
des-cbc-crc.  I'd look at your KDC log and see what's being issued.


Sam Hartman
MIT Kerberos Team
MIt Information Services and Technology


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post