[2125] in Kerberos_V5_Development


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: [sci.crypt] Kerberos IVEC Attack

daemon@ATHENA.MIT.EDU (Sam Hartman)
Thu Dec 19 18:57:13 1996

To: "Theodore Y. Ts'o" <tytso@MIT.EDU>
Cc: "Barry Jaspan" <bjaspan@MIT.EDU>, krbdev@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 19 Dec 1996 18:56:26 -0500
In-Reply-To: "Theodore Y. Ts'o"'s message of Thu, 19 Dec 1996 13:16:07 -0500

>>>>> "Theodore" == Theodore Y Ts'o <tytso@MIT.EDU> writes:

    Theodore> 2) Change the kadmin server to
    Theodore> set the "can do des-md5 bit by default" 3) Remove the
    Theodore> "can do des-md5 bit from the database" (since RFC1510bis
    Theodore> will make des-md5 a requirement)


	I've always felt the md5 bit was a crock that should go away.
It interacts poorly with the supported enctypes fields in kdc.conf and
the enctypes fields in krb5.conf, and creates additional confusion.

--Sam


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[2125] in Kerberos_V5_Development

Re: [sci.crypt] Kerberos IVEC Attack

daemon@ATHENA.MIT.EDU (Sam Hartman)Thu Dec 19 18:57:13 1996

daemon@ATHENA.MIT.EDU (Sam Hartman)
Thu Dec 19 18:57:13 1996