[OpenAFS] libpam-krb5, NAT and tokens.
Balazs GAL
balsa@rit.bme.hu
08 Apr 2003 21:50:00 +0200
2003-04-08, k keltezéssel Balazs GAL ezt írta:
> 2003-04-08, k keltezéssel Mark Nejedlo ezt írta:
>
>
> > This is due to the fact that pam_krb5afs is doing k5->k4->afs,
>
> No, it's false. The krb524 code is at least broken in it,
> but I think it was never worked.
Accurately it only works if the krb5_creds keyblock.enctype is
ENCTYPE_DES_CBC_CRC.
So you must require an krb_creds with ENCTYPE_DES_CBC_CRC enctype and
then convert it with krb524, but original pam_krb5 misses it.
balsa