[24432] in Kerberos
Re: What is 'flavor'?
daemon@ATHENA.MIT.EDU (Tom Yu)
Tue Aug 9 22:07:59 2005
To: Mike Friedman <mikef@ack.berkeley.edu>
From: Tom Yu <tlyu@mit.edu>
Date: Tue, 09 Aug 2005 22:07:16 -0400
In-Reply-To: <20050809164314.U75407@malcolm.berkeley.edu> (Mike Friedman's
message of "Tue, 9 Aug 2005 16:51:17 -0700 (PDT)")
Message-ID: <ldvek928rzf.fsf@cathode-dark-space.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu
>>>>> "mikef" == Mike Friedman <mikef@ack.berkeley.edu> writes:
mikef> I've just set up a 1.4.1 KDC and I notice what appears to be new
mikef> information in kadmind log messages, namely, 'flavor=nnnnn'. I don't
mikef> think I've seen this on my current production KDC, which is 1.3.4.
mikef> So, some questions:
mikef> o What does 'flavor' mean in this context?
That would be the ONCRPC authentication flavor.
mikef> o Is this information, in particular the meaning of specific flavor
mikef> values, documented?
mikef> So far, I've seen the following values for 'flavor': 6 and
mikef> 300001. The former corresponds to an interactive kadmin
mikef> authentication; the latter to a kadmin using a keytab. But thus far
mikef> I have no further information, so I'm hoping someone can enlighten me.
6 is RPCSEC_GSS, which is the IETF standards-track authentication
flavor for using GSSAPI in RPC. 300001 would be the AUTH_GSSAPI
flavor developed by OpenVision, which is not standards-track. See
RFCs 1831, 1832, 2203, etc. for details.
I'm not quite sure why you're seeing 300001 when using a keytab.
Exactly how are you invoking kadmin using a keytab? And which release
are you running on the kadmin client? RPCSEC_GSS (flavor 6) should
be used in preference to 300001 by modern MIT krb5.
---Tom
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos