[2171] in Kerberos-V5-bugs
Re: Using AFS String_to_key with K5 beta 6
daemon@ATHENA.MIT.EDU (Ken Hornstein)
Tue Aug 20 12:29:35 1996
To: Doug Engert <DEEngert@anl.gov>
Cc: krb5-bugs@MIT.EDU
In-Reply-To: Your message of "Tue, 20 Aug 1996 10:47:37 CDT."
<199608201547.KAA28294@pembroke.ctd.anl.gov>
Date: Tue, 20 Aug 1996 12:29:27 -0400
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
>I would like to make a suggestion which would simplify the migration
>for AFS sites to Kerberos 5.
>[...]
>If the K5 database also contained the salt, rather then just a salt
>type, it could also handle realm name changes as well. (You may want
>to consider this for a future version of K5.)
Errr, the K5 database _does_ contain the salt. I've used this feature myself
for AFS cells that aren't in the same Kerberos realm. Unfortunately, the
beta 6 KDC sends back a salt that's always the current realm instead of
the salt that's in the database; I've sent in patches to krb5-bugs to
fix that problem.
--Ken
