[OpenAFS-win32-devel] AFS Server on Windows now works - pleasetestnew builds

Jeffrey Altman jaltman@columbia.edu
Fri, 02 Apr 2004 14:10:20 -0500


Douglas E. Engert wrote:

>>As long as the tickets do not exceed 64K - 256 OpenAFS
>>will be able to handle them.
>>
>
>But you said:  
>     * Increased the size of the maximum ticket size stored in a token
>       from 344 bytes to 4096. 
>
>Are you changing the limits on this too? 
>
I can increase the limits.  I have not yet done so.

>
>But what I am seeing, is that a W2003 AD may issue a ticket with DES-CBC-MD5,
>whereas a W2000 AD in the same domain will issue it with DES-CBC-CRC.
>
>So if one of these is uses directly, it will not work as the server will not
>accept the DES-CBC-MD5. 
> 
>(I just put up a krb5-1.3.2 KDC today, and I am seeing something similar
>with krb524d when the kinit was done against the W2003 AD vs the W2000 AD. 
>I am still looking at this situation. this ay be the same problem, as the
>new krb524d may be retaining the DES-CRC-MD5 for the converted k4 ticket.) 
>
>
There is an existing ticket for md4/md5 checksum support
which Love opened several years ago.  I have merged your
request into that one. 

I have fixed the uninitialized variable problem so that
it does the correct thing and increases the pain level.
All that needs to be done now is for someone to add the
md4/md5 support.  It could probably have been done in the
amount of time it took to write these e-mails and manage
the RT queue.  :-)