[OpenAFS] Re: klog.krb5 incompatible with Heimdal 1.5.1?
Fri, 14 Oct 2011 14:38:00 +0200
On Fri, 2011-10-14 at 08:02 -0400, Jeffrey Altman wrote:
> Wireshark cannot show you the type of the session key since that key is
> only visible to parties that are capable of decrypting the encrypted
> portions of the response. It is the session key that must be des-cbc-*
> and which is instead aes256-cts-hmac-sha1-96 in the 1.5.1 case.
OK, learned something again ...
> klog.krb5 should be setting an explicit request for a des-cbc-crc
> session key. That is a bug which must be fixed. It should be reported
> to firstname.lastname@example.org.
> Heimdal 1.5.1 should also be restricting the session key to one of the
> encryption types that are known to the afs@IFH.DE principal. That is
> also a bug and should be reported on the heimdal mailing list.
Done, as well.
| Andreas Haupt | E-Mail: email@example.com
| DESY Zeuthen | WWW: http://www-zeuthen.desy.de/~ahaupt
| Platanenallee 6 | Phone: +49/33762/7-7359
| D-15738 Zeuthen | Fax: +49/33762/7-7216