[29781] in Kerberos
Re: Two enctype questions
daemon@ATHENA.MIT.EDU (Mike Friedman)
Wed Apr 30 15:40:29 2008
Date: Wed, 30 Apr 2008 12:37:26 -0700 (PDT)
From: Mike Friedman <mikef@berkeley.edu>
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
In-Reply-To: <200804301836.m3UIaaIE007111@hedwig.cmf.nrl.navy.mil>
Message-ID: <20080430123424.L16650@malcolm.berkeley.edu>
MIME-Version: 1.0
Cc: MIT Kerberos Mailing List <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 30 Apr 2008 at 14:36 (-0400), Ken Hornstein wrote:
>> 1. I notice that on 1.6.3, getprinc shows 'no salt' for all keys, even
>> though the enctypes in kdc.conf's supported-enctypes all specify a salt
>> type of ':normal', which I thought meant salt with principal name and
>> realm. Why is this?
>
> "No salt" means "normal" in this case. Yes, that doesn't make any
> sense; I only report the news, not make it.
>
>> 2. Is there any way to change the enctype of the master database key?
>
> "no" (unless you're willing to write a fair amount of database-fiddling
> code, and probably lose your password history in the process).
Ken,
Thanks for the definitive answers. I may not like the answer to (2), but
at least now I know where I stand. As for (1), I figured as much, but had
to ask, given how non-intuitive it is.
Mike
_________________________________________________________________________
Mike Friedman Information Services & Technology
mikef@berkeley.edu 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://mikef.berkeley.edu http://ist.berkeley.edu
_________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (FreeBSD)
iEYEARECAAYFAkgYynYACgkQFgKSfLOvZ1S2hACfXG7nLcpIvQ97kpVthwbCzjAQ
UjwAn0W2G7oGV4f20tmli7k1Ldlzhy4R
=w8io
-----END PGP SIGNATURE-----
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
