Package: krb5-admin-server
Version: 1.6.dfsg.3-1
Severity: normal
kadmin always lists keys with "normal" salt as without salt:
| Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
| Key: vno 1, DES cbc mode with CRC-32, no salt
This example was created without any special enctype definition so it
defaults to "des3-hmac-sha1:normal des-cbc-crc:normal". Version 4 salt,
which really means: no salt, is correctly listed as "Version 4".
Using any valid salts "normal, v4, norealm and onlyrealm", afs3 seems to
be not usable, it look the following:
| Key: vno 3, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
| Key: vno 3, AES-256 CTS mode with 96-bit SHA-1 HMAC, Version 4
| Key: vno 3, AES-256 CTS mode with 96-bit SHA-1 HMAC, Version 5 - No Realm
| Key: vno 3, AES-256 CTS mode with 96-bit SHA-1 HMAC, Version 5 - Realm Only
If I use -randkey, I only get such "no salt" entries:
| Key: vno 4, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
As the documentation shows this behaviour in the example outputs also,
this looks like missing documentation.
Bastian
--
Too much of anything, even love, isn't necessarily a good thing.
-- Kirk, "The Trouble with Tribbles", stardate 4525.6
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
