[1624] in Kerberos-V5-bugs
krb5_edit add random keys will only use DES_CBC_CRC
daemon@ATHENA.MIT.EDU (epeisach@MIT.EDU)
Sun Sep 10 10:21:10 1995
From: epeisach@MIT.EDU
Date: Sun, 10 Sep 1995 10:21:05 -0400
To: krb5-bugs@MIT.EDU
In admin/edit/cpw.c line 55 or so:
static krb5_key_salt_tuple ks_tuple_rnd_def[] = {{ ENCTYPE_DES_CBC_CRC, 0 }};
static int ks_tuple_rnd_def_count = 1;
This means that random keys can only be created with this type of
enctype. If that encryption type is not supported in the kdc.conf, then
random key addition will not be allowed.
I see three solutions to the problem:
a) Make ks_tuple_rnd_def an ordered list of encryption types to try
b) Add a command line option like "-k" to specify the master key enctype
c) Do (a), but allow it to be overridden by (b) or another line in the
profile.
I like (c) with the profile option.
I have a theory why DES_CBC_CRC is there - and that might be to allow v4
compatibility in generating service keys - but I am not positive.
Ezra
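
A sketch of solution (c) from the report above, added here as an example; it is not part of the original message or of the krb5 source. The `ex_` types, the `EX_` constants and their values, `kdc_supports` and `pick_rnd_tuple` are hypothetical stand-ins, and the supported list is constructed input representing what kdc.conf permits.

```c
#include <stddef.h>

/* Stand-ins for the krb5 types named in the report; the numeric values
 * are local to this example, not taken from krb5.h. */
typedef int ex_enctype;
enum { EX_DES_CBC_CRC = 1, EX_DES_CBC_MD5 = 2, EX_DES3 = 3 };
typedef struct { ex_enctype ks_enctype; int ks_salttype; } ex_key_salt_tuple;

/* Option (a): an ordered list of tuples to try (order is illustrative). */
static const ex_key_salt_tuple ks_tuple_rnd_def[] = {
    { EX_DES_CBC_CRC, 0 }, { EX_DES_CBC_MD5, 0 }, { EX_DES3, 0 },
};
static const size_t ks_tuple_rnd_def_count =
    sizeof(ks_tuple_rnd_def) / sizeof(ks_tuple_rnd_def[0]);

/* Returns 1 if the KDC's configured enctype list contains e. */
static int kdc_supports(const ex_enctype *supported, size_t n, ex_enctype e)
{
    for (size_t i = 0; i < n; i++)
        if (supported[i] == e)
            return 1;
    return 0;
}

/* Option (c): an override (command line or profile) wins over the list.
 * Returns the tuple to use for the random key, or NULL if none is allowed.
 * Assumption: an unsupported override is an error, not a silent fallback,
 * so the operator never gets a different enctype than the one requested. */
static const ex_key_salt_tuple *
pick_rnd_tuple(const ex_key_salt_tuple *override,
               const ex_enctype *supported, size_t n)
{
    if (override != NULL)
        return kdc_supports(supported, n, override->ks_enctype)
                   ? override : NULL;
    for (size_t i = 0; i < ks_tuple_rnd_def_count; i++)
        if (kdc_supports(supported, n, ks_tuple_rnd_def[i].ks_enctype))
            return &ks_tuple_rnd_def[i];
    return NULL;
}
```

A NULL return is the case the report describes: no candidate enctype is permitted by the KDC configuration, so random key addition must be refused with an explicit error.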