From ellidz@eridu.uchicago.edu Thu Jun 29 12:31:22 2000
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28])
	by rt-11.mit.edu (8.9.3/8.9.3) with SMTP id MAA24422
	for <bugs@RT-11.MIT.EDU>; Thu, 29 Jun 2000 12:31:22 -0400 (EDT)
Received: from eridu.uchicago.edu by MIT.EDU with SMTP
	id AA24150; Thu, 29 Jun 00 12:31:47 EDT
Received: (from ellidz@localhost)
	by eridu.uchicago.edu (8.9.3+Sun/8.9.3) id LAA19466;
	Thu, 29 Jun 2000 11:31:07 -0500 (CDT)
Message-Id: <200006291631.LAA19466@eridu.uchicago.edu>
Date: Thu, 29 Jun 2000 11:31:07 -0500 (CDT)
From: "E. Larry Lidz" <ellidz@eridu.uchicago.edu>
Reply-To: ellidz@eridu.uchicago.edu
To: krb5-bugs@MIT.EDU
Cc:
Subject: 3des support and kdb5_util create
X-Send-Pr-Version: 3.99
>Number: 864
>Category: krb5-kdc
>Synopsis: kdb5_util create uses DES if supported_enctypes doesn't have 3DES even if master_key_type is 3DES
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Jun 29 12:32:00 EDT 2000
>Last-Modified:
>Originator: E. Larry Lidz
>Organization:
uchi.comp.unix vi cabal
>Release: krb5-1.2
>Environment:
System: SunOS eridu 5.7 Generic_106541-05 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4
>Description:
kdb5_util create uses supported_enctypes to try to determine the type
of encryption rather than master_key_type. Or, rather, if they don't
agree, it fails to create the admin entries in the database.
>How-To-Repeat:
If the kdc.conf has:
    [kdcdefaults]
        kdc_ports = 88,750
    [realms]
        TEST.UCHICAGO.EDU = {
            kadmind_port = 749
            #dict_file = /opt/lib/cracklib/pw_dict
            max_life = 10h 0m 0s
            default_principal_flags = preauth
            max_renewable_life = 7d 0h 0m 0s
            master_key_type = des3-hmac-sha1
            supported_enctypes = des-cbc-crc:normal
            kdc_supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
        }
and you run kdb5_util create -r TEST.UCHICAGO.EDU -s, it'll fail out
with a "No such file or directory while initializing the kerberos
context"
>Fix:
>Audit-Trail:
>Unformatted:
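
A pre-flight check for the mismatch this report describes, as an added example (not part of the original report and not MIT krb5 code): it flags realms in a kdc.conf whose master_key_type is not among the enctypes listed in supported_enctypes. The names parse_realms and master_key_mismatches are hypothetical; the parser assumes the flat realm stanza layout shown in the report, and enctype names are compared literally with no alias handling.

```python
import re

# Constructed sample: the stanza from the report, trimmed to the relevant keys.
SAMPLE_KDC_CONF = """\
[kdcdefaults]
    kdc_ports = 88,750
[realms]
    TEST.UCHICAGO.EDU = {
        #dict_file = /opt/lib/cracklib/pw_dict
        master_key_type = des3-hmac-sha1
        supported_enctypes = des-cbc-crc:normal
        kdc_supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
    }
"""

def parse_realms(text):
    """Return {realm: {key: value}} from [realms]. Assumes the flat
    'REALM = { key = value }' layout above, not the full profile grammar."""
    realms, section, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, current = header.group(1), None
        elif section == "realms" and line == "}":
            current = None
        elif section == "realms" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                current = realms.setdefault(key, {})
            elif current is not None:
                current[key] = value
    return realms

def master_key_mismatches(text):
    """Return (realm, master_key_type, enctypes) where the two settings disagree."""
    findings = []
    for realm, opts in parse_realms(text).items():
        mkt, supported = opts.get("master_key_type"), opts.get("supported_enctypes")
        if mkt is None or supported is None:
            continue  # nothing explicit to compare
        # Each entry is enctype:salttype; keep only the enctype part.
        enctypes = [e.split(":", 1)[0] for e in re.split(r"[,\s]+", supported) if e]
        if mkt not in enctypes:
            findings.append((realm, mkt, enctypes))
    return findings
```

Running master_key_mismatches over a kdc.conf before kdb5_util create reports the realm from this report, and returns an empty list once supported_enctypes also lists the master key's enctype.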