Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
X-RT-Original-Encoding: iso-8859-1
Content-Length: 2167

From ellidz@eridu.uchicago.edu Thu Jun 29 12:31:22 2000
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28])
    by rt-11.mit.edu (8.9.3/8.9.3) with SMTP id MAA24422
    for ; Thu, 29 Jun 2000 12:31:22 -0400 (EDT)
Received: from eridu.uchicago.edu by MIT.EDU with SMTP
    id AA24150; Thu, 29 Jun 00 12:31:47 EDT
Received: (from ellidz@localhost)
    by eridu.uchicago.edu (8.9.3+Sun/8.9.3) id LAA19466;
    Thu, 29 Jun 2000 11:31:07 -0500 (CDT)
Message-Id: <200006291631.LAA19466@eridu.uchicago.edu>
Date: Thu, 29 Jun 2000 11:31:07 -0500 (CDT)
From: "E. Larry Lidz"
Reply-To: ellidz@eridu.uchicago.edu
To: krb5-bugs@MIT.EDU
Cc:
Subject: 3des support and kdb5_util create
X-Send-Pr-Version: 3.99

>Number: 864
>Category: krb5-kdc
>Synopsis: kdb5_util create uses DES if supported_enctypes doesn't have 3DES even if master_key_type is 3DES
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Jun 29 12:32:00 EDT 2000
>Last-Modified:
>Originator: E. Larry Lidz
>Organization: uchi.comp.unix vi cabal
>Release: krb5-1.2
>Environment:
System: SunOS eridu 5.7 Generic_106541-05 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4
>Description:
kdb5_util create uses supported_enctypes to try to determine the type of
encryption rather than master_key_type. Or, rather, if they don't agree, it
fails to create the admin entries in the database.
>How-To-Repeat:
If the kdc.conf has:

    [kdcdefaults]
        kdc_ports = 88,750

    [realms]
        TEST.UCHICAGO.EDU = {
            kadmind_port = 749
            #dict_file = /opt/lib/cracklib/pw_dict
            max_life = 10h 0m 0s
            default_principal_flags = preauth
            max_renewable_life = 7d 0h 0m 0s
            master_key_type = des3-hmac-sha1
            supported_enctypes = des-cbc-crc:normal
            kdc_supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
        }

and you run kdb5_util create -r TEST.UCHICAGO.EDU -s, it'll fail out with a
"No such file or directory while initializing the kerberos context"
>Fix:
>Audit-Trail:
>Unformatted:
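
A pre-flight check for the mismatch described in this report, added here as an example; it is not part of the original report and not MIT krb5 code. The function names are hypothetical, the sample is constructed from the reported kdc.conf, and enctype names are compared literally (aliases are not resolved).

```python
import re

# Constructed sample: the relevant settings from the kdc.conf in the report.
SAMPLE_KDC_CONF = """\
[kdcdefaults]
    kdc_ports = 88,750
[realms]
    TEST.UCHICAGO.EDU = {
        master_key_type = des3-hmac-sha1
        supported_enctypes = des-cbc-crc:normal
        kdc_supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
    }
"""

def parse_realms(text):
    """Return {realm: {key: value}} from the [realms] section of a kdc.conf."""
    realms, section, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, current = header.group(1), None
        elif line == "}":
            current = None
        elif section == "realms" and line.endswith("{"):
            current = realms.setdefault(line.split("=", 1)[0].strip(), {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return realms

def enctype_names(value):
    """Split an 'enctype:salt ...' list and drop the ':salt' suffixes."""
    return {item.split(":", 1)[0].lower() for item in re.split(r"[\s,]+", value) if item}

def master_key_mismatches(text):
    """Realms whose master_key_type is missing from supported_enctypes."""
    findings = []
    for realm, conf in parse_realms(text).items():
        mkt = conf.get("master_key_type")
        supported = enctype_names(conf.get("supported_enctypes", ""))
        if mkt and supported and mkt.lower() not in supported:
            findings.append((realm, mkt, sorted(supported)))
    return findings

if __name__ == "__main__":
    for realm, mkt, supported in master_key_mismatches(SAMPLE_KDC_CONF):
        print(f"{realm}: master_key_type {mkt} not in supported_enctypes {supported}")
```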