[7448] in Kerberos
Re: av4k?
daemon@ATHENA.MIT.EDU (Sam Hartman)
Mon Jun 10 19:03:08 1996
To: Dave McGuire <mcguire@rocinante.digex.net>
Cc: Sam Hartman <hartmans@MIT.EDU>, kerberos@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 10 Jun 1996 18:53:09 -0400
In-Reply-To: Dave McGuire's message of Mon, 10 Jun 1996 16:12:30 -0400
>>>>> "Dave" == Dave McGuire <mcguire@rocinante.digex.net> writes:
Dave> But won't that make *all* my keys "v4" keys if that's the
Dave> default and I just use "ank"? Somehow that strikes me as a
Dave> bad thing. Is it?
Beta6 adds the ability to have multiple keys associated with a
single principal; this allows a principal to be be Kerberos V4
compatible when Kerberos V4 is used to access the principal, but to
use the new salt type when Kerberos V5 is used. You almost get the
best of both worlds when it works, and I think that it works well
enough for this in Beta 6. (There are still bugs when you have
multiple encryption systems such as DES and tripple DES associated
with a single prinicipal. This is why tripple DES is not supported in
Beta6, even though some code does exist. Actually, there a re a few
other open issues with tripple DES as well, but it's coming along
fairmly rapidly.)
Dave> The application is cross-realm authentication, by the way,
Dave> in case there's now a better way to do it.
Dave> -Dave McGuire Systems Engineer
Dave> Digital Express Group, Incorporated mcguire@digex.net
