On Mon, 2008-03-03 at 15:35 -0600, Will Fiveash wrote:
> On Mon, Mar 03, 2008 at 10:19:13PM +0100, Mark Phalan wrote:
> >
> > On 3 Mar 2008, at 21:48, Will Fiveash wrote:
> >
> >> On Mon, Mar 03, 2008 at 09:40:25PM +0100, Mark Phalan wrote:
> >>>>
> >>>> ...
> >>>> Can the client print the enctype names that it requested? I understand
> >>>> your point below that the server isn't sending the enctype(s) that it
> >>>> had problems with but the client should be able to map the enctypes it
> >>>> requested to names.
> >>
> >> What do you think about my point above?
> >>
> >
> > Sorry, I missed it.
> > Yes, the client could print out the names. I suppose the config names (e.g.
> > "des3-cbc-sha1-kd") would be better than the human-readable names ("Triple
> > DES cbc mode with HMAC/sha1"). I'll add the relevant changes.
>
> Yes, I also prefer the "des3-cbc-sha1-kd" style.
>
The output now looks like:
zup# ./kadmin -p mark/admin -q "ktadd -k /tmp/t t"
Authenticating as principal mark/admin with password.
Password for mark/admin at ACME.COM:
kadmin: Bad encryption type while changing t's key
kadmin: Encryption types requested: aes256-cts-hmac-sha1-96 (18),
aes128-cts-hmac-sha1-96 (17), des3-cbc-sha1 (16), arcfour-hmac (23),
des-cbc-md5 (3), des-cbc-crc (1)
zup#
-Mark