Skip Menu |
 

Download (untitled) / with headers
text/plain 3.4KiB
From jbrezak@microsoft.com Wed Mar 31 22:29:19 1999
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id WAA22204 for <bugs@RT-11.MIT.EDU>; Wed, 31 Mar 1999 22:29:19 -0500
Received: from mail5.microsoft.com by MIT.EDU with SMTP
id AA26525; Wed, 31 Mar 99 22:30:09 EST
Received: by INET-IMC-05 with Internet Mail Service (5.5.2524.0)
id <H0K2VMG4>; Wed, 31 Mar 1999 19:29:16 -0800
Message-Id: <FFD1BA74C6A7D111A09500805F9F88F507D25561@RED-MSG-43>
Date: Wed, 31 Mar 1999 19:29:12 -0800
From: John Brezak <jbrezak@microsoft.com>
To: "'krb5-bugs@mit.edu'" <krb5-bugs@MIT.EDU>
Subject: Problems with KRB5_KDB_SUPPORT_DESMD5

Show quoted text
>Number: 708
>Category: krb5-admin
>Synopsis: Problems with KRB5_KDB_SUPPORT_DESMD5
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Mar 31 22:30:01 EST 1999
>Last-Modified: Sat Jun 23 01:27:20 EDT 2001
>Originator: John Brezak <jbrezak@microsoft.com>
>Organization:
>Release:
>Environment:
>Description:
Version - 1.0.5

I couldn't manage to get the KRB5_KDB_SUPPORT_DESMD5 flag set in the
kdb_entry attributes of a principal so that the KDC would accept requests
for a DES-CBC-MD5 key type. It appears that the default is to only use CRC
keytypes. I didn't have any luck using the kdc.conf with the
default_principal_flags = +md5, so I added this change to kadmin so that I
can at least get this to work and be able to see and modify this flag.

Is anyone using DES-CBC-MD5 service tickets? This seems real difficult to
get this to work.

*** kadmin.c~ Fri Feb 6 19:42:21 1998
--- kadmin.c Wed Mar 31 19:09:41 1999
***************
*** 55,61 ****
{"requires_hwauth", 15, KRB5_KDB_REQUIRES_HW_AUTH, 0},
{"needchange", 10, KRB5_KDB_REQUIRES_PWCHANGE, 0},
{"allow_svr", 9, KRB5_KDB_DISALLOW_SVR, 1},
! {"password_changing_service", 25, KRB5_KDB_PWCHANGE_SERVICE, 0 }
};

static char *prflags[] = {
--- 55,62 ----
{"requires_hwauth", 15, KRB5_KDB_REQUIRES_HW_AUTH, 0},
{"needchange", 10, KRB5_KDB_REQUIRES_PWCHANGE, 0},
{"allow_svr", 9, KRB5_KDB_DISALLOW_SVR, 1},
! {"password_changing_service", 25, KRB5_KDB_PWCHANGE_SERVICE, 0 },
! {"md5", 3, KRB5_KDB_SUPPORT_DESMD5, 0}
};

static char *prflags[] = {
***************
*** 72,78 ****
"UNKNOWN_0x00000400", /* 0x00000400 */
"UNKNOWN_0x00000800", /* 0x00000800 */
"DISALLOW_SVR", /* 0x00001000 */
! "PWCHANGE_SERVICE" /* 0x00002000 */
};

char *getenv();
--- 73,80 ----
"UNKNOWN_0x00000400", /* 0x00000400 */
"UNKNOWN_0x00000800", /* 0x00000800 */
"DISALLOW_SVR", /* 0x00001000 */
! "PWCHANGE_SERVICE", /* 0x00002000 */
! "SUPPORT_DESMD5" /* 0x00004000 */
};

char *getenv();


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
John Brezak * mailto:jbrezak@microsoft.com
Microsoft Corporation * 425-936-2602
One Microsoft Way
Redmond, WA 98052


Show quoted text
>How-To-Repeat:
>Fix:
>Audit-Trail:

Responsible-Changed-From-To: gnats-admin->krb5-unassigned
Responsible-Changed-By: raeburn
Responsible-Changed-When: Sat Jun 23 01:27:17 2001
Responsible-Changed-Why:

Show quoted text
>Unformatted:
support_desmd5 flag support added to kadmin cli a while ago.
des-cbc-md5 has other problems but that's a different bug.