[Joakim Fallsjo] Re: [OpenAFS] Re: SuSe 9.0 &Heimdal.6

ted creedon tcreedon@easystreet.com
Tue, 30 Dec 2003 09:03:00 -0800

Is there a way to verify that the checksums are the same in both =

The presence of the des3-cbc-sha1 key in the keytab is specifically
mentioned to be deleted with=20
Kadmin> del_enctype sanchin.se@SANCHIN.SE des3-cbc-sha1
In the SuSE documentation.

Apparently it doesn't matter.

-----Original Message-----
From: Joakim Fallsjo [mailto:fallsjo@sanchin.se]=20
Sent: Tuesday, December 30, 2003 3:28 AM
To: ted creedon
Subject: Re: [Joakim Fallsjo] Re: [OpenAFS] Re: SuSe 9.0 &Heimdal.6

Hello and sorry for the delay.

"ted creedon" <tcreedon@easystreet.com> writes:

> Joakim,
> Do you have a krb5.conf I could look at and possibly a pam.d/login?
Well I have a krb5.conf that I could send you but it would probably not =
you any good du to the fact that I have a plain mapping between DNS-, =
and cellname (sanchin.se, SANCHIN.SE and sanchin.se).

My KeyFile only contains:

# ktutil -k AFSKEYFILE:KeyFile list

Vno  Type         Principal               =20
  1  des-cbc-md5  afs/sanchin.se@SANCHIN.SE

and my kdc contains:

# kadmin -l get afs/sanchin.se
               Principal: afs/sanchin.se@SANCHIN.SE
Keytypes(salttype[(salt-value)]): des-cbc-crc(pw-salt),
des-cbc-md4(pw-salt), des-cbc-md5(pw-salt), des3-cbc-sha1(pw-salt)

"We are a major superpower with a third-world electrical grid"
				Gov. Bill Richardson of New Mexico