[1200] in Kerberos_V5_Development
Quick followup on checksum types
daemon@ATHENA.MIT.EDU (Richard Basch)
Thu May 16 16:42:31 1996
Date: Thu, 16 May 1996 16:40:31 -0400
To: krbdev@MIT.EDU
From: "Richard Basch" <basch@lehman.com>

While the following should have worked, it didn't... however, because
our department is moving, I won't be able to follow up on it until after
our move...

/etc/krb5.conf:

    [libdefaults]
        . . .
        safe_checksum_type = 9

The kprop fails from a machine that does not have this to one that does.
Essentially, it is requiring that the safe_checksum_type be consistent
between all parties (hay-days would not be a good thing when we wish to
change the defaults). This is a bug I will look into when I can, if
someone doesn't beat me to it...

I believe that we need to have checksum_types that should be used to
send things, and a list of allowable incoming checksum types. I also
don't want to necessarily allow all checksum types for "safe" messages,
because I don't consider a CRC checksum sufficient to protect a secure
message. There will need to be two variables, as a result.

Possibly, it could be the same variable, if we make it such that the
first one listed is the default used, or some other well-known format.
Additionally, we should try to use the symbolic names (crc, md5, sha)
instead of the numeric value.

--
Richard Basch
Sr. Developer/Analyst URL: http://web.mit.edu/basch/www/home.html
Lehman Brothers, Inc. Email: basch@lehman.com, basch@mit.edu
101 Hudson St., 33rd Floor Fax: +1-201-524-5828
Jersey City, NJ 07302-3988 Voice: +1-201-524-5049
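
The single-variable scheme proposed in the message above, sketched as an added example (not code from the post or from the Kerberos sources): the first listed type is used for sending and the whole list is the set accepted on receipt. The struct, function names and list syntax are hypothetical; crc=1 and md5=7 follow the RFC 1510 checksum type numbers, and sha=9 is assumed from the value in the post's krb5.conf.

```c
#include <stdio.h>
#include <string.h>

#define MAX_TYPES 8

/* Hypothetical policy: one list, first entry = send default, all = accepted. */
struct cksum_policy { int send_type; int accept[MAX_TYPES]; int n_accept; };

/* Assumed symbolic names: crc/md5 per RFC 1510, sha = 9 as in the post. */
static const struct { const char *name; int type; } cksum_names[] = {
    { "crc", 1 }, { "md5", 7 }, { "sha", 9 },
};

static int cksum_lookup(const char *name) {
    for (size_t i = 0; i < sizeof cksum_names / sizeof cksum_names[0]; i++)
        if (strcmp(name, cksum_names[i].name) == 0)
            return cksum_names[i].type;
    return -1;
}

/* Parse "sha md5" or "sha, md5". On any error the policy accepts nothing. */
int policy_parse(const char *value, struct cksum_policy *p) {
    char buf[128], *tok;
    p->send_type = -1;
    p->n_accept = 0;
    if (strlen(value) >= sizeof buf) return -1;
    strcpy(buf, value);
    for (tok = strtok(buf, " ,\t"); tok; tok = strtok(NULL, " ,\t")) {
        int t = cksum_lookup(tok);
        if (t < 0 || p->n_accept == MAX_TYPES) { p->n_accept = 0; return -1; }
        p->accept[p->n_accept++] = t;
    }
    if (p->n_accept == 0) return -1;
    p->send_type = p->accept[0];
    return 0;
}

/* Incoming check: only listed types pass, so crc is refused unless listed. */
int policy_accepts(const struct cksum_policy *p, int type) {
    for (int i = 0; i < p->n_accept; i++)
        if (p->accept[i] == type) return 1;
    return 0;
}

int main(void) {
    struct cksum_policy a, b;  /* constructed settings for two hosts */
    if (policy_parse("sha md5", &a) || policy_parse("md5 sha", &b)) return 1;
    printf("A sends %d, B accepts it: %d, B accepts crc: %d\n", a.send_type,
           policy_accepts(&b, a.send_type), policy_accepts(&b, 1));
    return 0;
}
```

Two hosts with different send defaults still interoperate as long as each lists the other's default, which is the property the kprop failure above lacks.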