[1725] in Kerberos-V5-bugs
Multiple encryption type handling
daemon@ATHENA.MIT.EDU (Richard Basch)
Thu Nov 16 08:16:30 1995
Date: Thu, 16 Nov 1995 08:15:05 -0500
To: krb5-bugs@MIT.EDU, proven@MIT.EDU, tytso@MIT.EDU
From: "Richard Basch" <basch@lehman.com>

Now that I have Triple-DES somewhat working, I have identified some
problems in the remainder of the code, which will require at least one
or two changes to the core libraries and calling semantics (they need
not affect the existing API, but are required to handle multiple
encryption types cleanly).

Example:
Let's say that I have DES and 3DES keys registered for host/foo.bar.org.
Now, let's assume that we wish to use BSD krlogin, and that only
supports DES session keys.

Problem:
How do I specify to simply get a DES session key?

Answer:
If there is nothing in the ccache, I can do krb5_set_default_in_tkt_ktypes().
This is only because the call to send_tgs from krb5_get_cred_via_tkt()
is called with a NULL ktypes. Theoretically, I should set the ktypes
in the context, instead of overloading it with this function.
However, I need to have a way of specifying which ktype keys to
search for in the ccache, and to force a retrieve of yet another
credential from the KDC, if there is no match.

Ideas? Implementation?

Richard Basch URL: http://web.mit.edu/basch/www/home.html
Lehman Brothers, Inc. Email: basch@lehman.com, basch@mit.edu
101 Hudson St., 33rd Floor Fax: +1-201-524-5828
Jersey City, NJ 07302-3988 Voice: +1-201-524-5049
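
An added example, not part of the original message and not MIT Kerberos code: a self-contained C model of the lookup the message asks for, matching a cached credential on both service name and session key enctype and going back to the KDC when none matches. All names (get_cred, cc_find, kdc_fetch, demo_cc, the ET_* values) are hypothetical, and the "KDC" is a stub assumed to issue the first requested enctype.

```c
#include <stdio.h>
#include <string.h>

enum { ET_DES = 1, ET_3DES = 2 };   /* model ids, not protocol numbers */
#define CACHE_MAX 8

struct cred   { char server[64]; int session_etype; };
struct ccache { struct cred entries[CACHE_MAX]; size_t count; int kdc_requests; };

/* 1 if etype appears in the caller's acceptable list. */
static int etype_allowed(int etype, const int *want, size_t nwant) {
    for (size_t i = 0; i < nwant; i++)
        if (want[i] == etype) return 1;
    return 0;
}

/* Cache lookup that matches on server name AND session key enctype. */
static struct cred *cc_find(struct ccache *cc, const char *server,
                            const int *want, size_t nwant) {
    for (size_t i = 0; i < cc->count; i++)
        if (strcmp(cc->entries[i].server, server) == 0 &&
            etype_allowed(cc->entries[i].session_etype, want, nwant))
            return &cc->entries[i];
    return NULL;
}

/* Stand-in for the TGS exchange: the model KDC issues a session key of the
 * first requested enctype; the new credential is added to the cache. */
static struct cred *kdc_fetch(struct ccache *cc, const char *server,
                              const int *want, size_t nwant) {
    if (nwant == 0 || cc->count == CACHE_MAX) return NULL;
    struct cred *c = &cc->entries[cc->count++];
    snprintf(c->server, sizeof c->server, "%s", server);
    c->session_etype = want[0];
    cc->kdc_requests++;
    return c;
}

/* Cache first; on an enctype mismatch, force another request to the KDC. */
struct cred *get_cred(struct ccache *cc, const char *server,
                      const int *want, size_t nwant) {
    struct cred *c = cc_find(cc, server, want, nwant);
    return c ? c : kdc_fetch(cc, server, want, nwant);
}

/* Constructed sample cache: only a 3DES session key is present. */
struct ccache demo_cc = { { { "host/foo.bar.org", ET_3DES } }, 1, 0 };
const int DES_ONLY[] = { ET_DES };

int main(void) {
    struct cred *c = get_cred(&demo_cc, "host/foo.bar.org", DES_ONLY, 1);
    printf("etype=%d kdc_requests=%d\n", c ? c->session_etype : -1, demo_cc.kdc_requests);
    return 0;
}
```

In this model the cached 3DES credential is kept rather than replaced, so a later caller that accepts 3DES still gets a cache hit.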