On Sat, May 10, 2008 at 02:01:15PM -0700, Russ Allbery wrote: > Bastian Blank <[EMAIL PROTECTED]> writes: > > kadmin always lists keys with "normal" salt as without salt: > > | Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt > > | Key: vno 1, DES cbc mode with CRC-32, no salt > Yup, this is upstream bug #5958. "no salt" actually means "no salt hint," > or "use default salt." It makes sense how it happened from a code > perspective, but it's definitely a bug.
It makes sense, as only password generated keys needs a salt and the standard defines which variant to use by default. > > Using any valid salts "normal, v4, norealm and onlyrealm", afs3 seems to > > be not usable, it look the following: > The AFS3 salt is specifically for compatibility with the AFS kaserver, > which only does single DES keys, so using that salt with any key other > than single DES doesn't really make any sense. Yeah. So this is a documentation bug. > > As the documentation shows this behaviour in the example outputs also, > > this looks like missing documentation. > By "this behavior" I assume you mean the "no salt" part? Yes. Bastian -- We do not colonize. We conquer. We rule. There is no other way for us. -- Rojan, "By Any Other Name", stardate 4657.5 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]