>>>>> "KK" == KK <[EMAIL PROTECTED]> writes:
KK> Hi All, Can anyone tell me if there is any distinction between KK> etype [ EncryptionType ] and keytype as defined in section 6.1 KK> and 6.2 of the Kerberos RFC 1510 ? The writers of RFC 1510 invisioned that key types and encryption types would be separate concepts. However, they failed to actually specify a protocol that could work that way. So, the Kerberos community has established a 1-to-1 mapping between key type and enctype that is formalized in draft-ietf-krb-wg-kerberos-clarifications (the successor to RFC 1510). KK> I specifically want to know whether it will be right according KK> to the RFC, to service ticket requests from clients for KK> encryption type des-cbc-md5 for principals who only have a key KK> of type des-cbc-crc in the Kerberos database ? It is wrong to do so unless you know that the service actually supports des-cbc-md5. But if your KDC has enough information to know this some other way, then you can optimize things and store only one key for all the single DES enctypes. Tom Yu had a rather long write up on how MIT handles this issue sent to the [EMAIL PROTECTED] mailing list about a year ago. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos