[OpenAFS] Afs and arcfour
David Botsch
dwb7@ccmr.cornell.edu
Thu, 24 Jun 2004 15:55:41 -0400
The KDC we have running is doing this. Kerberos-1.3.3.
While I don't know for sure what is happening, what I know is that, if
a user has the following enc types, they can auth from windows:
Key: vno 31, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 31, DES cbc mode with CRC-32, AFS version 3
If the user has the following, they get the password incorrect error:
Key: vno 31, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 31, DES cbc mode with MD-5, no salt (ie des-cbc-md5:normal)
Key: vno 31, DES cbc mode with CRC-32, AFS version 3
On 2004.06.24 13:02 Jeffrey Altman wrote:
> David Botsch wrote:
>
>> Right. However, in the case of kerb4 auth, it seems the krb5 server
>> is returning the des-cbc-md5 instead of des-cbc-crc.
>
> Which KDC do you believe is doing this?
>
> I find it hard to believe that a Kerberos IV compatibility library
> would contain the code necessary to use a
> DES-CBC-MD5 enctype.
>
>
>
>
>
>
--
********************************
David William Botsch
Consultant/Advisor II
CCMR Computing Facility
dwb7@ccmr.cornell.edu
********************************