On Dec 10, 10:11 am, Jeff Blaine <[EMAIL PROTECTED]> wrote: > > ... > >>> Key: vno 5, DES cbc mode with CRC-32, AFS version 3 > > ... > > ^^^^^^^^^^^^^ > > > Have you tried using other salt types? > > > -Marcus Watts > > I'm afraid I don't have that luxury, if I understand you > correctly. We have 900+ principals imported from AFS with keys > as above. Currently this is all in testing and this is a report > of a snag in the testing. Since it all works fine under Solaris > 9 with MIT Kerberos, I consider this a problem with MIT Kerberos > as delivered in RHEL3, or something else outside of my current > knowledge.
We imported 100,000 plus users into kerberos5 from AFS and it all worked fine. After the import we expanded the enctypes and it did not affect the existing users. Just don't take out the single des entry. When you do a a getprinc on a principal after they have reset their password you will see that they have multiple enctypes associated with their principal. The client that auths against the kdc will negotiate itself to the enctype it chooses. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos