[OpenAFS] klog.krb5 incompatible with Heimdal 1.5.1?
Jeffrey Altman
jaltman@secure-endpoints.com
Thu, 13 Oct 2011 10:24:53 -0400
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig9568DAF5C1B7B741741578AD
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
The difference in the two cases is that -tmp is requesting a TGT first
whereas without -tmp the afs@IFH.DE request is being issued directly.
In the non -tmp case the KDC replies with a ticket encrypted using
aes256-cts-hmac-sha1-96 which is not supported for AFS.
This could be either a bug in klog.krb5 or in Heimdal. I haven't looked
at any code yet. In the non -tmp case either klog.krb5 is not
requesting des-cbc-crc or Heimdal is forgetting that request when
responding to the pre-auth request.
--------------enig9568DAF5C1B7B741741578AD
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iQEcBAEBAgAGBQJOlvS1AAoJENxm1CNJffh4HOcH/AmvG8mfn8VU2K5hD9PgTY0m
Z/AVl7tf8x+gYNHLWf3dW3e/2YOmIJRwilrev1h/8ePUbxscHazuFPybq6TLZq8s
XUKm/pg6KZZUIO7VsR+NbtKqKWHL6oYKFDyuvqot5PuKHV1cAtgCN4Pbp7Erg0l4
oGq+Xt2nVsDr1AhAHKFwNwFOFovIccAflopjY5/JJ8afl7T9ytiGBeAT+H0dg3gG
f5CndAoq4tAIPMGsPNugspePl8vtZ2Z9KviWbVuzJQIMqYnyKkGrvL+UGA+xq0cG
gBk6KEZZJRuNVCnp8AOxGNw3yA45ia48ha0T0YCz+yiJCiZsKDkSzasqBJZUCfc=
=QoID
-----END PGP SIGNATURE-----
--------------enig9568DAF5C1B7B741741578AD--