Date: Fri, 30 Apr 2004 15:20:08 -0700 (PDT)
From: Booker Bense
To: Sam Hartman via RT
Cc: krb5-prs@mit.edu
Subject: Re: [krbdev.mit.edu #2545] AFS string_to_key broken for passwords > 8 chars

On Thu, 29 Apr 2004, Sam Hartman via RT wrote:

>
> One work around might be to convince the Heimdal KDC to send the
> appropriate etype_info2 s2kparams to indicate that the AFS3 salt
> should be used. If your KDC does this, our code should do the right
> thing.
>

_ Even for 8 char and less passwords? I'm not seeing how that could
happen since the right algorithm is only in mit_afs_string_to_key and
that is only called in one place. I agree it would work for 9 char
password, but there is no way for the KDC to know the length of your
password.

_ Is there some code path I'm missing?

_ Booker C. Bense