Skip Menu |

From: Mark Eichin <>
Subject: krb5kdc.M is confused about keytype
Date: Tue, 29 May 2007 00:09:17 -0400
In krb5-1.6.1/src/kdc/krb5kdc.M there is (just like 1.4.3 where I
noticed the problem):

Show quoted text
> .B \-k
> .I keytype
> option specifies the key type of the master key in the database; the default

First of all, that's not even the right namespace ("des-cbc-crc" would
be the syntax that actually works...)

Second, it's a lie - I'm pretty sure the default is des3-hmac-sha1...

(Third, the default for master_key_type isn't listed in krb5-1.6.1/src/config-files/kdc.conf.M
which would have helped me notice this the first time around, even
though defaults for things like master_key_name which *never ever
change* are...)
Subject: SVN Commit
Download (untitled) / with headers
text/plain 1.1KiB

Incorporate Apple's patch.

Add a test authorization data scheme, in both built-in and plugin
forms; built-in version is #ifdef'ed out. Update configury to create
the build directory for the plugin, but don't build or install it by

Create the new (and normally empty) authorization data plugin
directory at install time.

Add some (normally disabled) code to log authz data from rd_req.

Fix up some comments that still refer to preauth plugins. Add some
details in comments on the API, and why it's private for now.

Make the plugin init context support work, by not passing null

Commit By: raeburn

Revision: 20691
Changed Files:
U trunk/src/
U trunk/src/config/
U trunk/src/
A trunk/src/include/krb5/authdata_plugin.h
U trunk/src/include/osconf.hin
U trunk/src/kdc/
U trunk/src/kdc/do_as_req.c
A trunk/src/kdc/kdc_authdata.c
U trunk/src/kdc/kdc_util.h
U trunk/src/kdc/main.c
U trunk/src/lib/krb5/krb/rd_req_dec.c
A trunk/src/plugins/authdata/
A trunk/src/plugins/authdata/greet/
A trunk/src/plugins/authdata/greet/
A trunk/src/plugins/authdata/greet/greet.exports
A trunk/src/plugins/authdata/greet/greet_auth.c
Ugh, that checkin message should've been attached to 5655, not 5565.
Subject: SVN Commit

Update description of -k option: From the code it appears the default
is des-cbc-crc, and it applies to entering passwords with -m.

Commit By: raeburn

Revision: 20692
Changed Files:
U trunk/src/kdc/krb5kdc.M