[2136] in Kerberos-V5-bugs
Re: Kerberos 4 support in krb5kdc
daemon@ATHENA.MIT.EDU (David Slack)
Fri Aug 9 10:27:51 1996
Date: Fri, 9 Aug 1996 08:27:27 -0600
From: David Slack <slack@elendil.cc.utah.edu>
To: tytso@MIT.EDU
Cc: krb5-bugs@MIT.EDU
In-Reply-To: <9608080244.AA08646@dcl.MIT.EDU>
Reply-To: slack@cc.utah.edu
On Wed, 7 August 1996, Theodore Y. Ts'o wrote:
> Hi there,
> My apologies for not getting back to you sooner; I've been on
> vacation for the past week, and am only now starting to crawl out from
> under the mountain of email that built up while I was gone....
No problem...hope you had a great vacation!
> We have Kerberos 5 beta 6 running quite well on a mix of
> Solaris and Linux boxes. Our problem is getting the krb5kdc to answer
> Kerberos 4 ticket requests. We have the kdc running on a Sun (Solaris
> 2.4). When we ask for a ticket with a Kerberos 4 kinit (on a Sun, a
> PC, or a Mac), it always says incorrect password.
>
> The problem is that you need enter the password using the V4-compatible
> salt. (This can be done using the kdb5_edit command "av4k", for
> example). Make sure the your kdc.conf file has a supported_enctypes
> line so that password changes will include the V4 salt. (see
> src/config-files/kdc.conf for a example kdc.conf).
Great! It works now. I checked my kdc.conf, and realized it
was correct, but I had corrected it AFTER I had added accounts to the
database. When I changed passwords on the accounts, the new keys were
created. I'm not sure what the av4k command is, it didn't work for
me. I assume its a salt time used with ank. Anyhow, it
works...thanks for the help!
-- David Slack <slack@cc.utah.edu>
University of Utah Computer Center - Network Operations
