[37074] in Kerberos
ktadd default enctype
daemon@ATHENA.MIT.EDU (John Devitofranceschi)
Fri Jun 5 07:24:23 2015
Date: Fri, 05 Jun 2015 07:24:06 -0400
From: John Devitofranceschi <jdvf@optonline.net>
To: kerberos@mit.edu
Message-id: <6DBA609A-440B-4C5D-A62E-EE0CEFD471B3@optonline.net>
MIME-version: 1.0
Content-Type: multipart/mixed; boundary="===============1537168466=="
Errors-To: kerberos-bounces@mit.edu
--===============1537168466==
Content-type: multipart/signed;
boundary="Apple-Mail=_57D87C60-F751-445B-A08D-BDF921FC4991";
protocol="application/pkcs7-signature"; micalg=sha1
--Apple-Mail=_57D87C60-F751-445B-A08D-BDF921FC4991
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8
How is ktadd *supposed* to figure out which enctype(s) to use?
I am seeing an issue where kadmin=E2=80=99s ktadd, if left to its own =
devices, will generate a key with an encryption type that has nothing to =
do with the KDC=E2=80=99s supported_enctype list and ktadd seems to =
completely ignore the local client=E2=80=99s default/permitted enctype =
settings.
KDC supports: des3-cbc-sha1 des-cbc-crc (I know, I know)
=20
Client=E2=80=99s krb5.conf tells it to support: des-cbc-crc (I know, I =
know)=20
But when we run ktadd the resulting keytab=E2=80=99s key has des-cbc-md5
The client is an Oracle Linux with 1.6.1 krb5 client software.
Also, the KDC is using Sun Solaris 10 Kerberos software (not MIT).
Thanks for any insight!
jd=20=
--Apple-Mail=_57D87C60-F751-445B-A08D-BDF921FC4991
Content-Disposition: attachment;
filename=smime.p7s
Content-Type: application/pkcs7-signature;
name=smime.p7s
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIF6DCCBeQw
ggPMoAMCAQICAxBgkDANBgkqhkiG9w0BAQ0FADB5MRAwDgYDVQQKEwdSb290IENBMR4wHAYDVQQL
ExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENlcnQgU2lnbmluZyBBdXRob3Jp
dHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZzAeFw0xNTAzMTQxNDM4MzlaFw0x
NzAzMTMxNDM4MzlaMIGFMR4wHAYDVQQDExVKb2huIERldml0b2ZyYW5jZXNjaGkxITAfBgkqhkiG
9w0BCQEWEmpkdmZAb3B0b25saW5lLm5ldDEfMB0GCSqGSIb3DQEJARYQamR2ZkBob3RtYWlsLmNv
bTEfMB0GCSqGSIb3DQEJARYQZm9vbm9uQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK4hgmTqZnFEjGB/yk+/J5guSzz71ZVuemKLvEmRvDznUHJ/o8+NqgdWc87WILzB
8cCgfvjR8gtCe555md2xYof9NrNuFShKfTpP5mvG/ny4RYn1uq6FVgY5qBgz+4UDzE3W1ZniRIT6
EruOeawVpsl03AmaSbQNPXZTpxr6BiIfdnhEexuxXdJX9ytMM2yf20U/L/hmIuu+ML9bvXdsJNHn
iytTxDxB4v1BaplLKnQIvr8nvP8MuaOSUDP6SrAOkXgLFG0lqB6YLSW66aj1i1YHkQDK95iO+X0C
3l7iLJvCiVnG/PTFNdu2mZrJ0KzVzI0SJwvH4v0qSMcc8WaQ55cCAwEAAaOCAWYwggFiMAwGA1Ud
EwEB/wQCMAAwVgYJYIZIAYb4QgENBEkWR1RvIGdldCB5b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3Ig
RlJFRSBoZWFkIG92ZXIgdG8gaHR0cDovL3d3dy5DQWNlcnQub3JnMA4GA1UdDwEB/wQEAwIDqDBA
BgNVHSUEOTA3BggrBgEFBQcDBAYIKwYBBQUHAwIGCisGAQQBgjcKAwQGCisGAQQBgjcKAwMGCWCG
SAGG+EIEATAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLmNhY2VydC5v
cmcwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC5jYWNlcnQub3JnL3Jldm9rZS5jcmwwQQYD
VR0RBDowOIESamR2ZkBvcHRvbmxpbmUubmV0gRBqZHZmQGhvdG1haWwuY29tgRBmb29ub25AZ21h
aWwuY29tMA0GCSqGSIb3DQEBDQUAA4ICAQCqiwk6dIVSS4Q7t3vXmhNrORxhHD2R44a2h8wd43+P
x19y59yZe9Jio4N7gFTJ2QLrxE6hDbBlJBZ7EgVLfDVqBWVGt2nvERDrCtzPr/uze2KmPEA1Smpk
sLAuWp2gDUKflWNL2NLInGCsuqdYkfqxCB1Kc+ws6DhZtHt83SjktGodh66pBTRrpfDSUEsY/3VR
q+kgjjQyNIYWyi2rsJQ7gP/e8YfGJC43TYwpfpcRM/rKwanUVgSMVwhSow9cQ3m3HYGyHB3+7WcV
orsP9u1I57FXyIHMKWmjmLNizzhVY05pM2Cd/T/7PS3ZNig53kclY4hx/XwRPjY3aHahhZacNKh+
96ImmxgJljJfQkc9avy7zZnsAb4neUUiYOacS1y5wPhGzIYor5gy6nQYT2g/nE6bAsaljNJICHWD
TwUuQqYUq39eN5RUGSxUVPM+sQts/BEAFh2Autk/nM6HWsO/bqpdAJNtE4w8zUFB3Wo72DAauA08
ADIw5UOulnmEqb1p2HlOYy1WdGy5xnuoG6EpppRujEC/a6gWcRvdCj4zrRR+dc9I5sohl3zyikff
I583wuX04H4d81EcLgrJGzUjIvQVSpDCdqgUrG8yOqnWzekZwIWLFwsr17h5vRmE4bruvUsAD4iW
J+fn5bezyENj6haxbkVqhGA98EjWh+0ehjGCAzMwggMvAgEBMIGAMHkxEDAOBgNVBAoTB1Jvb3Qg
Q0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2VydCBTaWdu
aW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNlcnQub3JnAgMQYJAwCQYF
Kw4DAhoFAKCCAYcwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTUw
NjA1MTEyNDA3WjAjBgkqhkiG9w0BCQQxFgQUwjL/Rwh7PGNa5rNUQP9G7DBrYuIwgZEGCSsGAQQB
gjcQBDGBgzCBgDB5MRAwDgYDVQQKEwdSb290IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2Vy
dC5vcmcxIjAgBgNVBAMTGUNBIENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEW
EnN1cHBvcnRAY2FjZXJ0Lm9yZwIDEGCQMIGTBgsqhkiG9w0BCRACCzGBg6CBgDB5MRAwDgYDVQQK
EwdSb290IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENl
cnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZwID
EGCQMA0GCSqGSIb3DQEBAQUABIIBAKhzX0H7AQ3R0LqpPYTL+sQ+BCv9IqQI8U7UXqSPRSfWTB36
KHW1co5kHCDWuCh90SvS8no2UqNId+2ltTNCmT5DMcL2UukDFuuXRtnCBzxSFI+ihywk0To1Asjs
zat/Py+/5vr4Yrq07lFBBVU+P+ONVxqXR/op8vmjjuQzCLwSpA+2yegC9raGfxcAz62e5yN60NNw
hueG+uw/AoSSvU5rh6Qdd2zj/wtgv/qph0Hftc06f4pkseBYRJqyMu+5/OWmegjZS7OVuGgxLciK
b2Q2O1gw3b6hT6y88s0BBCbISZWqZnlZF8zM0I5h/4uamXmDVE9sAmXbz/YgrGTQxU4AAAAAAAA=
--Apple-Mail=_57D87C60-F751-445B-A08D-BDF921FC4991--
--===============1537168466==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============1537168466==--
