[6251] in Kerberos
KRB5: krb5_db_fetch_mkey
daemon@ATHENA.MIT.EDU (Richard Basch)
Fri Nov 17 13:14:46 1995
Date: Fri, 17 Nov 1995 12:58:17 -0500
To: krbdev@MIT.EDU, kerberos@MIT.EDU
From: "Richard Basch" <basch@lehman.com>

Why does krb5_db_fetch_mkey require that the proper encryption type be set up
within the keyblock argument when the keyblock contents are being
initialized from the stored master key? In other words, if "readfromkeyboard"
is false, why doesn't it simply initialize the key's enctype with the
enctype stored in the master key file, instead of requiring the parent
application to know exactly which type of master key is being used?

It isn't exactly as if there is any added security, because if someone
has access to the master key file, the first two bytes indicate the
encryption type (which can be looked up in krb5.h), and then you simply
re-invoke the programs specifying the correct keytype.

Richard Basch                   URL: http://web.mit.edu/basch/www/home.html
Lehman Brothers, Inc.           Email: basch@lehman.com, basch@mit.edu
101 Hudson St., 33rd Floor      Fax: +1-201-524-5828
Jersey City, NJ 07302-3988      Voice: +1-201-524-5049