[16395] in Kerberos_V5_Development
Re: random to key from password
daemon@ATHENA.MIT.EDU (Nicolas Williams)
Mon Sep 27 17:25:05 2010
Date: Mon, 27 Sep 2010 16:22:57 -0500
From: Nicolas Williams <Nicolas.Williams@oracle.com>
To: Sam Hartman <hartmans@mit.edu>
Message-ID: <20100927212257.GD7858@oracle.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20100927212220.GR9501@oracle.com>
Cc: lha@h5l.org, Russ Allbery <rra@stanford.edu>, krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Mon, Sep 27, 2010 at 04:22:20PM -0500, Nicolas Williams wrote:
> On Mon, Sep 27, 2010 at 05:11:38PM -0400, Sam Hartman wrote:
> > Claim to be a client that only supports DES. This is a random
> > key--allowing use as a client is supposed to be reasonable even without
> > preauth.
>
> Ah, right. We really need to have a way to say which enctypes a service
> princ is allowed to use as a client...
And lacking that, make service princs require pre-auth.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
