[24432] in Kerberos

home help back first fref pref prev next nref lref last post

Re: What is 'flavor'?

daemon@ATHENA.MIT.EDU (Tom Yu)
Tue Aug 9 22:07:59 2005

To: Mike Friedman <mikef@ack.berkeley.edu>
From: Tom Yu <tlyu@mit.edu>
Date: Tue, 09 Aug 2005 22:07:16 -0400
In-Reply-To: <20050809164314.U75407@malcolm.berkeley.edu> (Mike Friedman's
 message of "Tue, 9 Aug 2005 16:51:17 -0700 (PDT)")
Message-ID: <ldvek928rzf.fsf@cathode-dark-space.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu

>>>>> "mikef" == Mike Friedman <mikef@ack.berkeley.edu> writes:

mikef> I've just set up a 1.4.1 KDC and I notice what appears to be new
mikef> information in kadmind log messages, namely, 'flavor=nnnnn'. I don't
mikef> think I've seen this on my current production KDC, which is 1.3.4.
mikef> So, some questions:

mikef> o  What does 'flavor' mean in this context?

That would be the ONCRPC authentication flavor.

mikef> o Is this information, in particular the meaning of specific flavor
mikef> values, documented?

mikef> So far, I've seen the following values for 'flavor':  6 and
mikef> 300001. The former corresponds to an interactive kadmin
mikef> authentication;  the latter to a kadmin using a keytab.  But thus far
mikef> I have no further information, so I'm hoping someone can enlighten me.

6 is RPCSEC_GSS, which is the IETF standards-track authentication
flavor for using GSSAPI in RPC.  300001 would be the AUTH_GSSAPI
flavor developed by OpenVision, which is not standards-track.  See
RFCs 1831, 1832, 2203, etc. for details.

I'm not quite sure why you're seeing 300001 when using a keytab.
Exactly how are you invoking kadmin using a keytab?  And which release
are you running on the kadmin client?  RPCSEC_GSS (flavor 6) should
be used in preference to 300001 by modern MIT krb5.

---Tom
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post