[1028] in Kerberos_V5_Development
Multiple enctype support
daemon@ATHENA.MIT.EDU (Richard Basch)
Tue Mar 19 23:34:28 1996
Date: Tue, 19 Mar 1996 23:33:58 -0500
To: krbdev@MIT.EDU
From: "Richard Basch" <basch@lehman.com>
After talking with Sam, I propose we do the following:
1. All get_entry routines (keytab, and kdb) should return a suitable
entry that satisfies the enctype (and other parameters) request. It is
up to the client using the get_entry routines to make sure that they are
using the appropriate enctype as the entry returned will correspond to
the exact entry in the keytab/kdb.
2. A libcrypto function should be added:
enctype_key_equiv(krb5_enctype e1, krb5_enctype e2)
This function will indicate if e1 and e2 are key equivalent. This will
reduce the number of places that we do special DES equivalency hacks.
Comments?
Richard Basch
Sr. Developer/Analyst URL: http://web.mit.edu/basch/www/home.html
Lehman Brothers, Inc. Email: basch@lehman.com, basch@mit.edu
101 Hudson St., 33rd Floor Fax: +1-201-524-5828
Jersey City, NJ 07302-3988 Voice: +1-201-524-5049
