[29767] in Kerberos
MIT krb5-1.6.3: getprinc shows 'no salt' on all keys
daemon@ATHENA.MIT.EDU (Mike Friedman)
Fri Apr 25 19:32:14 2008
Date: Fri, 25 Apr 2008 16:30:10 -0700 (PDT)
From: Mike Friedman <mikef@berkeley.edu>
To: MIT Kerberos Mailing List <kerberos@mit.edu>
Message-ID: <20080425161848.R1512@malcolm.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I notice that on 1.6.3, getprinc shows 'no salt' for all keys, even though
the enctypes in kdc.conf's supported-enctypes all show a salt type of
':normal'. I thought ':normal' meant salt with principal and realm, in
any case not 'no salt'.
Here's what kdc.conf has:
supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
And here's an extract of a principal's entry as shown by getprinc:
Number of keys: 2
Key: vno 3, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 3, DES cbc mode with CRC-32, no salt
I've seen this on two different 1.6.3 servers, with different sets
of supported-enctypes (all with ':normal' as the salt type).
On my 1.4.2 system, where kdc.conf looks like this:
supported_enctypes = des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3 des-cbc-crc:v4
I get this principal key information:
Number of keys: 5
Key: vno 1, DES cbc mode with CRC-32, no salt
Key: vno 1, DES cbc mode with RSA-MD5, Version 4
Key: vno 1, DES cbc mode with RSA-MD5, Version 5 - No Realm
Key: vno 1, DES cbc mode with RSA-MD5, Version 5 - Realm Only
Key: vno 1, DES cbc mode with RSA-MD5, AFS version 3
So, why the 'no salt' in all the key descriptions for 1.6.3?
Thanks.
Mike
_________________________________________________________________________
Mike Friedman Information Services & Technology
mikef@berkeley.edu 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://mikef.berkeley.edu http://ist.berkeley.edu
_________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (FreeBSD)
iEYEARECAAYFAkgSaYMACgkQFgKSfLOvZ1R+nACggh0hL1WQJR7je79c3xralo/g
owQAoIYGSHlgwPFExcLwPdAI9EPMCP6V
=2RID
-----END PGP SIGNATURE-----
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
