[7600] in Kerberos
Re: Krb5b6 server and Krb4 clients
daemon@ATHENA.MIT.EDU (Mark Eichin)
Sat Jul 6 18:10:37 1996
To: kerberos@MIT.EDU
Date: 06 Jul 1996 17:28:15 -0400
From: Mark Eichin <eichin@cygnus.com>
> A secret. :-)
> Unknown(Nobody's done it).
Actually, I've done it; I've used a v5 kdc to serve a v4 realm for,
oh, a year and a half now... I just set up a new realm with the latest
code, same thing...
First of all, if you've *already* got a v4 realm and are upgrading,
you just use kdb5_edit and load the old database, and the Right Thing
happens.
If you're starting from scratch, well, that's a bit more subtle, and
involves understanding what "salt type" is used for the keys you
generate; however, noone asking the question has gotten that far :-)
As our customers haven't had much trouble with this, I've assumed that
people just haven't looked very closely at the documentation. (Well,
ok, maybe it's vague. man kdc.conf, look at supported_keytypes, and
note that the version in the sources (in config-files/kdc.conf) should
already do the right thing... also see what kdb5_edit "show" tells you
the problematic keys are using for salt types.)
_Mark_ <eichin@cygnus.com>
Cygnus Support
Cygnus Network Security <network-security@cygnus.com>
http://www.cygnus.com/data/cns/
