Given the KDB entry:
kadmin: getprinc host/cerberus.ait.iastate.edu
Principal: host/[EMAIL PROTECTED]
...
Number of keys: 1
Key: vno 6, DES cbc mode with CRC-32, no salt
and the request:
Oct 11 11:24:26 kerberos-1.iastate.edu krb5kdc[21825](info): \
TGS_REQ (3 etypes
John Hascall [EMAIL PROTECTED] writes:
Given the KDB entry:
kadmin: getprinc host/cerberus.ait.iastate.edu
Principal: host/[EMAIL PROTECTED]
...
Number of keys: 1
Key: vno 6, DES cbc mode with CRC-32, no salt
and the request:
Oct 11 11:24:26
On Wednesday, October 11, 2006 06:16:33 PM -0400 Marcus Watts
[EMAIL PROTECTED] wrote:
In the MIT kerberos source, there's a pair of routines
select_session_keytype and dbentry_supports_enctype that are probably
making this decision for you. Here's the comment in
dbentry_supports_enctype:
Except the issue here is he's getting a DES_CBC_MD4 session key when he
wants DES_CBC_CRC. The why is likely in the code you're quoting -
DES_CBC_MD4 is a better enctype, and both sides appear to support it
(since the single-des types are interchangeable).
I'd be curious to know how the
On Wednesday, October 11, 2006 06:06:08 PM -0500 John Hascall
[EMAIL PROTECTED] wrote:
Except the issue here is he's getting a DES_CBC_MD4 session key when he
wants DES_CBC_CRC. The why is likely in the code you're quoting -
DES_CBC_MD4 is a better enctype, and both sides appear to
Except the issue here is he's getting a DES_CBC_MD4 session key when he
wants DES_CBC_CRC. The why is likely in the code you're quoting -
DES_CBC_MD4 is a better enctype, and both sides appear to support it
(since the single-des types are interchangeable).
I'd be curious to know how
On Wednesday, October 11, 2006 06:20:30 PM -0500 John Hascall
[EMAIL PROTECTED] wrote:
Except the issue here is he's getting a DES_CBC_MD4 session key when
he wants DES_CBC_CRC. The why is likely in the code you're quoting
- DES_CBC_MD4 is a better enctype, and both sides appear to
- DES_CBC_MD4 is a better enctype, and both sides appear to support
it (since the single-des types are interchangeable).
I'd be curious to know how the resulting ticket is not useful; that
is, what application is being used and what error results when
attempting to use that