Kerberos 1.4 w/o des

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Kerberos 1.4 w/o des

Trev Peterson

I am trying to configure kerberos to use 3des and aes but not single
des.  However, when I create a new principal I see the following in the
output of getprinc:

Number of keys: 2
Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 1, DES cbc mode with CRC-32, no salt

The relevant portion of kdc.conf is:

        master_key_type = des3-hmac-sha1
        supported_enctypes = aes256-cts-hmac-sha1-96:normal

The kdc.conf is being used as it has the correct realm and all.  The man
page on krb5kdc doesn't indicate any way to make the output more verbose
or include any debug info.  Any suggestions on how to track this down
are appreciated.

Trev Peterson <[hidden email]>
Advanced Reality

Kerberos mailing list           [hidden email]