[OpenAFS] Afs and arcfour

David Botsch dwb7@ccmr.cornell.edu
Thu, 24 Jun 2004 16:00:56 -0400


Ack... saw this after writing my previous message...

so, it is beginning to sound like there are two ways to make Windows 
authing against the kdc coexist happily with krb4 clients:
1. install mit kfw so that kerb5 is used by windows afs client
2. use the hmac/arcfour enctype (was my original try, altho whenever I 
put this type in kdc.conf, it would either be ignored by the kdc or 
kadmin would refuse to work with a "required missing parameter in 
kdc.conf" error).

On 2004.06.24 14:22 Jeffrey Altman wrote:
> Jeffrey Altman wrote:
> 
>> David Botsch wrote:
>> 
>>> Right. However, in the case of kerb4 auth, it seems the krb5 server 
>>> is returning the des-cbc-md5 instead of des-cbc-crc.
>> 
>> 
>> Which KDC do you believe is doing this?
>> 
>> I find it hard to believe that a Kerberos IV compatibility library 
>> would contain the code necessary to use a
>> DES-CBC-MD5 enctype.
>> 
> My apologies.  I have been corrected in another forum.  The KDC will 
> use any of the kerberos 5 DES enctypes to obtain
> the key for use with Kerberos IV.  More than likely it is choosing a 
> key which was generated with a salt
> that the Kerberos IV client cannot handle.
> 
> 

-- 
********************************
David William Botsch
Consultant/Advisor II
CCMR Computing Facility
dwb7@ccmr.cornell.edu
********************************