[23656] in Kerberos
Re: netapp, nfs, kerberos, and ldap
daemon@ATHENA.MIT.EDU (Sam Hartman)
Wed Apr 6 14:37:01 2005
To: Mark Dieterich <mkd@cs.brown.edu>
From: Sam Hartman <hartmans@mit.edu>
Date: Wed, 06 Apr 2005 14:36:18 -0400
In-Reply-To: <20050406173634.GA12120@cs.brown.edu> (Mark Dieterich's message
of "Wed, 6 Apr 2005 13:36:34 -0400")
Message-ID: <tsl64yz4usd.fsf@cz.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu
>>>>> "Mark" == Mark Dieterich <mkd@cs.brown.edu> writes:
Mark> encryption. I'm clearly missing something here. I thought
Mark> that kerberos would provide the least common denominator for
Mark> encryption type, i.e. we could have our database be
Mark> encrypted with des3-hmac-sha1, with des-cgc-crc encrypted
Mark> tickets stored in it. As long as all the tickets for a
Mark> particular service are des-cgc-crc encrypted, the
Mark> clients/servers would get des-cgc-crc encrypted tickets.
Mark> Can you set me straight?
I thought the same thing. If your service (nfs/hostname) has only a
des-cbc-crc key, then the ticket key and session key should both be
des-cbc-crc. I'd look at your KDC log and see what's being issued.
Sam Hartman
MIT Kerberos Team
MIt Information Services and Technology
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos