[23766] in Kerberos
Re: default encryption types
daemon@ATHENA.MIT.EDU (Markus Moeller)
Sun Apr 24 18:53:20 2005
From: "Markus Moeller" <huaraz@moeller.plus.com>
Date: Fri, 22 Apr 2005 21:36:47 +0100
Message-ID: <42696062$0$83084$ed2619ec@ptn-nntp-reader01.plus.net>
To: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu
BTW. The MIT kdc is 1.2.x with no rc4 support.
Markus
"Markus Moeller" <huaraz@moeller.plus.com> wrote in message
news:200504221731.j3MHVDIQ013950@pacific-carrier-annex.mit.edu...
>
> I do have a setup with two kdcs ( A windows and non-windows kdc ). I'd
> like to
> use the highest encryption type available. The krb5.conf on my client
> looks like:
>
> [libdefaults]
> default_realm = W2K3.COM
> default_tkt_enctypes = des3-cbc-sha1 rc4-hmac des-cbc-md5 des-cbc-crc
> default_tgs_enctypes = des3-cbc-sha1 rc4-hmac des-cbc-md5 des-cbc-crc
>
> [realms]
> W2K3.COM = {
> kdc = kdc.w2k3.com:88
> kpasswd_server = kdc.w2k3.com:464
> }
> MIT.COM = {
> kdc = kdc.mit.com:88
> kpasswd_server = kdc.mit.com:464
> }
> [domain_realm]
> .mit.com = MIT.COM
> .w2k3.com = W2K3.COM
>
>
> A kinit user@W2K3.COM gives the following error:
> kinit(v5): KDC has no support for encryption type while getting initial
> credentials
>
> It works the other way round e.g.
> default_tkt_enctypes = rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
> default_tgs_enctypes = rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
>
>
> kinit user@MIT.COM gives no error and I get a tgt.
>
>
> I know that MS doesn't support 3DES, but I thought if I give a list it
> will use
> the next highest supported encryption type. Is this a buf in MS or does
> the
> standard allow this behaviour ?
>
>
> Thanks
> Markus
>
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos