Hi All,

I have a kerb5 setup with MIT KDC and heimdal client
APIs to perform kerb5 authentication. I have created
principals without specifying any keysaltlist. A
keytab is created by running ktadd. klist shows-

-bash2-2.05b$ sudo ktutil -k
/tmp/osqa2.domain.com.keytab list
/tmp/osqa2.domain.com:

Vno  Type           Principal
  5  des3-cbc-sha1  imap/[EMAIL PROTECTED]
  5  des-cbc-crc    imap/[EMAIL PROTECTED]

(Note: I have replace domain with actual domain name)

With this keytab, heimdal client gives authentication
failure. When I debugged the code I found that it is
failing in verify_checksum function.

Authentication is successful, if I specify -e
DES-CBC-CRC:normal to ktadd so that the keytab
contains just one enctype- des-cbc-crc. 

It does not seem to be a problem with multiple
enctypes, because creating keytab with just
des3-cbc-sha1 also does not solve the problem.

Is there a known problem with des3 enctype in heimdal
ot interoperability between MIT and heimdal for des3
enctype?

Thanks in advance,
Arati

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to