On Tue, 2013-07-30 at 19:44 -0400, Jeffrey Altman wrote: > On 7/30/2013 7:32 PM, Benjamin Kaduk wrote: > > On Tue, 30 Jul 2013, Jeffrey Altman wrote: > > > >> This is an incorrect description. The explicit problem occurs when the > >> following combination is true: > >> > >> 1. user has one or more strong enctype keys with non-default > >> password salts > >> > >> 2. the only keys with default password salts are weak enctypes > >> > >> 3. preauth is required > > > > A bit off-topic (and feel free to go off-list), but I'm curious if there > > is anything that can be said in general to be a cause for the presence > > of non-default salts. > > > > Thanks, > > > > Ben > > Realm or principal renaming without updating the keys. This is not > specific to Heimdal.
Also, some realms contain keys that date back to when they were running krb4; these have non-default salts, according to krb5's way of thinking. _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info