[OpenAFS] Re: klog.krb5 incompatible with Heimdal 1.5.1?
Andreas Haupt
ahaupt@ifh.de
Fri, 14 Oct 2011 14:38:00 +0200
Hi Jeffrey,
On Fri, 2011-10-14 at 08:02 -0400, Jeffrey Altman wrote:
> Andreas:
>
> Wireshark cannot show you the type of the session key since that key is
> only visible to parties that are capable of decrypting the encrypted
> portions of the response. It is the session key that must be des-cbc-*
> and which is instead aes256-cts-hmac-sha1-96 in the 1.5.1 case.
OK, learned something again ...
> klog.krb5 should be setting an explicit request for a des-cbc-crc
> session key. That is a bug which must be fixed. It should be reported
> to openafs-bugs@openafs.org.
Done.
> Heimdal 1.5.1 should also be restricting the session key to one of the
> encryption types that are known to the afs@IFH.DE principal. That is
> also a bug and should be reported on the heimdal mailing list.
Done, as well.
Cheers,
Andreas
--
| Andreas Haupt | E-Mail: andreas.haupt@desy.de
| DESY Zeuthen | WWW: http://www-zeuthen.desy.de/~ahaupt
| Platanenallee 6 | Phone: +49/33762/7-7359
| D-15738 Zeuthen | Fax: +49/33762/7-7216