[135] in pc-kerberos
Re: Upcoming potential changes in KRBV4*.DLL
daemon@ATHENA.MIT.EDU (John Gardiner Myers)
Thu Aug 3 12:35:53 1995
Date: Thu, 3 Aug 1995 12:28:19 -0400 (EDT)
From: John Gardiner Myers <jgm+@CMU.EDU>
To: pc-kerberos@MIT.EDU
In-Reply-To: <Pine.SUN.3.90c1.950803111722.13230E-100000@johnstown.andrew.cmu.edu>

I like Ted's idea a lot.

Derrick J Brashear <shadow@DEMENTIA.ORG> writes:
> Some vendor has shipped Kerberos based on v4p10, which has only the MIT
> string_to_key in it. The kpasswd they ship uses change_pw2. I get my
> hands on a kadmind and make it do this, telling it to use the Transarc
> string_to_key. You change your password, generating an MIT key. kadmind
> then generates a Transarc key and stores that. You try to authenticate.
> You lose.

If you're at a site that uses the Transarc string-to-key, you lost at
step 1. Assuming your old key was generated with the Transarc
string-to-key (which is a good assumption at sites that would have
kadmind use the Transarc string-to-key for new passwords), you can't
get authenticated to change your password in the first place.

--
_.John G. Myers Internet: jgm+@CMU.EDU
LoseNet: ...!seismo!ihnp4!wiscvm.wisc.edu!give!up