[3062] in Kerberos-V5-bugs
pending/708: Problems with KRB5_KDB_SUPPORT_DESMD5
daemon@ATHENA.MIT.EDU (John Brezak)
Wed Mar 31 22:30:06 1999
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: gnats-admin@rt-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, John Brezak <jbrezak@microsoft.com>
Date: Wed, 31 Mar 1999 19:29:12 -0800
From: John Brezak <jbrezak@microsoft.com>
To: "'krb5-bugs@mit.edu'" <krb5-bugs@MIT.EDU>
>Number: 708
>Category: pending
>Synopsis: Problems with KRB5_KDB_SUPPORT_DESMD5
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: gnats-admin
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Mar 31 22:30:01 EST 1999
>Last-Modified:
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
Version - 1.0.5
I couldn't manage to get the KRB5_KDB_SUPPORT_DESMD5 flag set in the
kdb_entry attributes of a principal so that the KDC would accept requests
for a DES-CBC-MD5 key type. It appears that the default is to only use CRC
keytypes. I didn't have any luck using the kdc.conf with the
default_principal_flags = +md5, so I added this change to kadmin so that I
can at least get this to work and be able to see and modify this flag.
Is anyone using DES-CBC-MD5 service tickets? This seems real difficult to
get this to work.
*** kadmin.c~ Fri Feb 6 19:42:21 1998
--- kadmin.c Wed Mar 31 19:09:41 1999
***************
*** 55,61 ****
{"requires_hwauth", 15, KRB5_KDB_REQUIRES_HW_AUTH, 0},
{"needchange", 10, KRB5_KDB_REQUIRES_PWCHANGE, 0},
{"allow_svr", 9, KRB5_KDB_DISALLOW_SVR, 1},
! {"password_changing_service", 25, KRB5_KDB_PWCHANGE_SERVICE, 0 }
};
static char *prflags[] = {
--- 55,62 ----
{"requires_hwauth", 15, KRB5_KDB_REQUIRES_HW_AUTH, 0},
{"needchange", 10, KRB5_KDB_REQUIRES_PWCHANGE, 0},
{"allow_svr", 9, KRB5_KDB_DISALLOW_SVR, 1},
! {"password_changing_service", 25, KRB5_KDB_PWCHANGE_SERVICE, 0 },
! {"md5", 3, KRB5_KDB_SUPPORT_DESMD5, 0}
};
static char *prflags[] = {
***************
*** 72,78 ****
"UNKNOWN_0x00000400", /* 0x00000400 */
"UNKNOWN_0x00000800", /* 0x00000800 */
"DISALLOW_SVR", /* 0x00001000 */
! "PWCHANGE_SERVICE" /* 0x00002000 */
};
char *getenv();
--- 73,80 ----
"UNKNOWN_0x00000400", /* 0x00000400 */
"UNKNOWN_0x00000800", /* 0x00000800 */
"DISALLOW_SVR", /* 0x00001000 */
! "PWCHANGE_SERVICE", /* 0x00002000 */
! "SUPPORT_DESMD5" /* 0x00004000 */
};
char *getenv();
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
John Brezak * mailto:jbrezak@microsoft.com
Microsoft Corporation * 425-936-2602
One Microsoft Way
Redmond, WA 98052
