[prev in list] [next in list] [prev in thread] [next in thread]
List: krbdev
Subject: Re: Multiple ETYPE-INFO-ENTRY with same etype but different salts
From: "Henry B. Hotz" <hotz () jpl ! nasa ! gov>
Date: 2011-07-20 2:39:29
Message-ID: 3C987864-F121-405A-8CB3-92818E61D1F4 () jpl ! nasa ! gov
[Download RAW message or body]
On Jul 18, 2011, at 7:05 AM, krbdev-request@mit.edu wrote:
> > I would expect the des-cbc-md5:normal to result in an etype-info2 entry
> > with no specified salt (which means the default salt). I don't know why
> > Java isn't choosing this entry.
>
> As I said, we skip entry with an empty salt.
>
> We will fix our problem. My last question would be: so the customer has no \
> workaround now on their KDC side?
The customer could follow current recommended practice and stop using Kerberos 4 and \
single-DES. ;-) ;-)
(You can preserve single-des keys for the AFS service even if you strip them out of \
everything else.)
------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic