[24196] in Kerberos
Updating encryption types
daemon@ATHENA.MIT.EDU (Phil Dibowitz)
Fri Jul 1 05:14:59 2005
Date: Fri, 1 Jul 2005 02:14:02 -0700
From: Phil Dibowitz <phil@usc.edu>
To: kerberos@mit.edu
Message-ID: <20050701091401.GT13640@usc.edu>
Mail-Followup-To: kerberos@mit.edu
So reading through:
http://web.mit.edu/kerberos/www/krb5-1.4/krb5-1.4.1/doc/krb5-install/Upgrading-to-Triple-DES-and-RC4-Encryption-Keys.html#Upgrading%20to%20Triple-DES%20and%20RC4%20Encryption%20Keys
(the upgrading encryption types page)... regarding this sentence "Because of
the way the MIT Kerberos database is structured, the KDC will assume that a
service supports only those encryption types for which keys are found in the
database."
That makes me think that even if kdc.conf has:
default_tgs_enctypes = arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc
and krb5.conf has:
default_tkt_enctypes = arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc
Any principals created before the switchover will obviously be stored in the
old encryption type - but during authentication, what encryption type will be
used between the client and the KDC?
I'm a bit confused as to what all will use the new encryption types and what
will use the old encryption types.
Thanks.
--
Phil Dibowitz
Systems Architect and Administrator
Enterprise Infrastructure / ISD / USC
UCC 180 - 213-821-5427