Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.12.9) with ESMTP id l4TIbYHW023674; Tue, 29 May 2007 14:37:34 -0400 (EDT) Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id l4TIbT8I031332; Tue, 29 May 2007 14:37:29 -0400 Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id l4T49KR1019381 for ; Tue, 29 May 2007 00:09:20 -0400 Received: from mit.edu (W92-130-BARRACUDA-3.MIT.EDU [18.7.21.224]) by fort-point-station.mit.edu (8.13.6/8.9.2) with ESMTP id l4T49IgO001765 for ; Tue, 29 May 2007 00:09:18 -0400 (EDT) Received: from kurohyou (kurohyou.thok.org [66.92.86.139]) by mit.edu (Spam Firewall) with ESMTP id 22612513958 for ; Tue, 29 May 2007 00:09:18 -0400 (EDT) Received: by kurohyou (Postfix, from userid 1000) id 800BCFDC8D; Tue, 29 May 2007 00:09:17 -0400 (EDT) From: Mark Eichin To: krb5-bugs@mit.edu Subject: krb5kdc.M is confused about keytype Date: Tue, 29 May 2007 00:09:17 -0400 Message-ID: <877iqse0eq.fsf@kurohyou.i-did-not-set--mail-host-address--so-tickle-me> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Score: 1.205 X-Spam-Level: * (1.205) X-Spam-Flag: NO X-Scanned-BY: MIMEDefang 2.42 X-Mailman-Approved-At: Tue, 29 May 2007 14:37:28 -0400 X-Beenthere: krb5-bugs-incoming@mailman.mit.edu X-Mailman-Version: 2.1.6 Precedence: list Sender: krb5-bugs-incoming-bounces@PCH.MIT.EDU Errors-To: krb5-bugs-incoming-bounces@PCH.MIT.EDU X-RT-Original-Encoding: us-ascii Content-Length: 638 In krb5-1.6.1/src/kdc/krb5kdc.M there is (just like 1.4.3 where I noticed the problem): > .B \-k > .I keytype > option specifies the key type of the master key in the database; the default > is KEYTYPE_DES. First of all, that's not even the right namespace ("des-cbc-crc" would be the syntax that actually works...) Second, it's a lie - I'm pretty sure the default is des3-hmac-sha1... (Third, the default for master_key_type isn't listed in krb5-1.6.1/src/config-files/kdc.conf.M which would have helped me notice this the first time around, even though defaults for things like master_key_name which *never ever change* are...)