[24227] in Kerberos
Re: Updating encryption types
daemon@ATHENA.MIT.EDU (Kevin Coffman)
Wed Jul 6 19:22:04 2005
To: Phil Dibowitz <phil@usc.edu>
In-reply-to: <20050706224041.GT27759@usc.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 06 Jul 2005 19:21:17 -0400
From: Kevin Coffman <kwc@citi.umich.edu>
Message-Id: <20050706232117.B975D1BB57@citi.umich.edu>
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu
> On Tue, Jul 05, 2005 at 01:48:54PM -0700, Phil Dibowitz wrote:
> > from kadmin, great (though is that "no salt" supposed to be there?)!
> >=20
> > However, klist -e shows:
> >=20
> > [phil@frantic unstale]$ klist -e
> > Ticket cache: FILE:/tmp/krb5cc_36070
> > Default principal: phil@ISD.USC.EDU
> >=20
> > Valid starting Expires Service principal
> > 07/05/05 13:36:31 07/05/05 23:36:31 krbtgt/ISD.USC.EDU@ISD.USC.EDU
> > Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode with CR=
> C-32=20
> > [phil@frantic unstale]$=20
> >=20
> > and the logs show:
> >=20
> > Jul 05 13:36:31 frantic.usc.edu krb5kdc[26284](info): AS_REQ (3 etypes {2=
> 3 16
> > 1}) 128.125.10.120: ISSUE: authtime 1120595791, etypes {rep=3D23 tkt=3D1 =
> ses=3D1},
> > phil@ISD.USC.EDU for krbtgt/ISD.USC.EDU@ISD.USC.EDU
> >=20
> > Neither the session key, nor my principal key seem to have been using the=
> new
> > encryption... it's not clear to me why...
>
>
> Anyone?
My guess is that your krbtgt/ISD.ISC.EDU@ISD.USC.EDU principal still
only has a des key. 'cpw -randkey -keepold' on that principal to
generate other keys.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
