[3359] in Kerberos-V5-bugs
krb5-kdc/1121: kdc does not support des3-hmac-sha1 by default
daemon@ATHENA.MIT.EDU (William Fiveash)
Thu Jun 20 20:35:17 2002
Resent-From: gnats@rt-11.mit.edu (GNATS Management)
Resent-To: krb5-unassigned@rt-11.mit.edu
Resent-Reply-To: krb5-bugs@mit.edu, willf@alton.central.sun.com
Message-Id: <200206210033.g5L0X0U10735@alton.central.sun.com>
From: William Fiveash <willf@alton.central.sun.com>
Reply-To: willf@alton.central.sun.com
To: krb5-bugs@mit.edu
Errors-To: krb5-bugs-admin@mit.edu
Date: Thu, 20 Jun 2002 19:33:00 -0500 (CDT)
>Number: 1121
>Category: krb5-kdc
>Synopsis: kdc does not support des3-hmac-sha1 by default
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Jun 20 20:34:00 EDT 2002
>Last-Modified:
>Originator: William Fiveash
>Organization:
Sun Microsystems Inc.
>Release: krb5-1.2.5
>Environment:
System: SunOS alton 5.8 Generic_108528-09 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4
>Description:
When setting "master_key_type = des3-hmac-sha1" in kdc.conf and creating
the principal db, krb5kdc will fail to start unless "supported_enctypes
= des3-hmac-sha1" is also set. krb5kdc should support des3-hmac-sha1 by
default.
>How-To-Repeat:
>Fix:
--- src/lib/kadm5/alt_prof.c.orig Thu Jun 20 19:07:24 2002
+++ src/lib/kadm5/alt_prof.c Thu Jun 20 19:17:56 2002
@@ -943,6 +943,11 @@
hierarchy[2] = "supported_enctypes";
kret = krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue);
}
+ /* Why not support the same defaults found in kadm5_get_config_params()?
+ */
+ if (svalue == NULL) {
+ svalue = strdup("des3-hmac-sha1:normal des-cbc-crc:normal");
+ }
if (!kret) {
krb5_string_to_keysalts(svalue,
", \t", /* Tuple separators */
@@ -951,6 +956,7 @@
&rparams->realm_keysalts,
&rparams->realm_num_keysalts);
krb5_xfree(svalue);
+ svalue = NULL;
}
kret = 0;
}
>Audit-Trail:
>Unformatted:
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
http://mailman.mit.edu/mailman/listinfo/krb5-bugs
