[24209] in Kerberos
Re: Updating encryption types
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Mon Jul 4 23:58:33 2005
In-Reply-To: <20050704202911.GA14872@sun.com>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <665f57787b53899e53a1b30c9a729c7e@mit.edu>
Content-Transfer-Encoding: 7bit
From: Ken Raeburn <raeburn@mit.edu>
Date: Mon, 4 Jul 2005 23:57:42 -0400
To: "'kerberos@mit.edu'" <kerberos@mit.edu>
Errors-To: kerberos-bounces@mit.edu
On Jul 4, 2005, at 16:29, Will Fiveash wrote:
> On Fri, Jul 01, 2005 at 02:52:55PM -0700, Phil Dibowitz wrote:
>> Is there a way to tell what encryption type is being used for the
>> session
>> key? I'm assuming the "3 etypes {511 511 1}" means there are three
>> encryption
>> types defined (which seems right)... but then there's "etypes {rep=1
>> tkt=1
>> ses=1}" which I interpret to say the session key is type "1" (DES?).
The "3 etypes" bit should be for the encryption types the client
indicates to the KDC that it supports (or that it wants used), in the
request message. (Though I don't know what 511 would be; in the MIT
code, 0x1ff is ENCTYPE_UNKNOWN, but we shouldn't be transmitting that
in any requests. Are you actually seeing the above with an MIT
client?)
> Anyway, I know RFC 1510 has some
> of the older enctype IDs:
> and draft-raeburn-krb-rijndael-krb-05.txt has:
http://www.iana.org/assignments/kerberos-parameters has these now, btw,
except for changing 0 from "NULL" to "reserved". (Though the
references are outdated and should point to RFCs; I've just asked IANA
to fix that.)
Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
