From Thu Jun 29 12:31:22 2000
by (8.9.3/8.9.3) with SMTP id MAA24422
for <bugs@RT-11.MIT.EDU>; Thu, 29 Jun 2000 12:31:22 -0400 (EDT)
Received: from by MIT.EDU with SMTP
id AA24150; Thu, 29 Jun 00 12:31:47 EDT
Received: (from ellidz@localhost)
by (8.9.3+Sun/8.9.3) id LAA19466;
Thu, 29 Jun 2000 11:31:07 -0500 (CDT)
Message-Id: <>
Date: Thu, 29 Jun 2000 11:31:07 -0500 (CDT)
From: "E. Larry Lidz" <>
To: krb5-bugs@MIT.EDU
Subject: 3des support and kdb5_util create
X-Send-Pr-Version: 3.99

>Number: 864
>Category: krb5-kdc
>Synopsis: kdb5_util create uses DES if supported_enctypes doesn't have 3DES even if master_key_type is 3DES
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Jun 29 12:32:00 EDT 2000
>Originator: E. Larry Lidz
uchi.comp.unix vi cabal
>Release: krb5-1.2
System: SunOS eridu 5.7 Generic_106541-05 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4

kdb5_util create uses supported_enctypes to try to determine the type
of encryption rather than master_key_type. Or, rather, if they don't
agree, it fails to create the admin entries in the database.

If the kdc.conf has:
kdc_ports = 88,750

kadmind_port = 749
#dict_file = /opt/lib/cracklib/pw_dict
max_life = 10h 0m 0s
default_principal_flags = preauth
max_renewable_life = 7d 0h 0m 0s
master_key_type = des3-hmac-sha1
supported_enctypes = des-cbc-crc:normal
kdc_supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal

and you run kdb5_util create -r TEST.UCHICAGO.EDU -s, it'll fail out
with a "No such file or directory while initializing the kerberos

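A pre-flight check for the mismatch described in the report, as an added example that is not part of the original report or of the krb5 code. It assumes the text holds a single realm's relations, compares enctype names literally (no alias resolution), and the function names are hypothetical.

```python
import re

# Constructed sample: the kdc.conf relations quoted in the report above.
REPORTED_CONF = """\
kdc_ports = 88,750
kadmind_port = 749
#dict_file = /opt/lib/cracklib/pw_dict
master_key_type = des3-hmac-sha1
supported_enctypes = des-cbc-crc:normal
kdc_supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
"""

def parse_relations(text):
    """Return {key: value} for 'key = value' lines, skipping comments and braces."""
    relations = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")) or line in ("{", "}"):
            continue
        key, sep, value = line.partition("=")
        # Skip section headers (no '=') and 'REALM = {' stanza openers.
        if sep and not value.strip().startswith("{"):
            relations[key.strip()] = value.strip()
    return relations

def enctype_names(value):
    """Split a key:salt list (space or comma separated) into bare enctype names."""
    return [item.split(":", 1)[0].lower() for item in re.split(r"[\s,]+", value) if item]

def check_master_key_type(text):
    """Return a list of findings; an empty list means the two relations agree."""
    rel = parse_relations(text)
    master = rel.get("master_key_type", "").lower()
    supported = enctype_names(rel.get("supported_enctypes", ""))
    findings = []
    # Only flag when both relations are set explicitly and disagree.
    if master and supported and master not in supported:
        findings.append(
            f"master_key_type {master} is not in supported_enctypes {supported}"
        )
    return findings

if __name__ == "__main__":
    for finding in check_master_key_type(REPORTED_CONF):
        print("WARNING:", finding)
```

Run it against a realm's relations before kdb5_util create; an empty result means master_key_type also appears in supported_enctypes.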