On Sat, May 10, 2008 at 02:01:15PM -0700, Russ Allbery wrote:
> Bastian Blank <[EMAIL PROTECTED]> writes:
> > kadmin always lists keys with "normal" salt as without salt:
> > | Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
> > | Key: vno 1, DES cbc mode with CRC-32, no salt
> Yup, this is upstream bug #5958. "no salt" actually means "no salt hint,"
> or "use default salt." It makes sense how it happened from a code
> perspective, but it's definitely a bug.
It makes sense, as only password generated keys needs a salt and the
standard defines which variant to use by default.
> > Using any valid salts "normal, v4, norealm and onlyrealm", afs3 seems to
> > be not usable, it look the following:
> The AFS3 salt is specifically for compatibility with the AFS kaserver,
> which only does single DES keys, so using that salt with any key other
> than single DES doesn't really make any sense.
Yeah. So this is a documentation bug.
> > As the documentation shows this behaviour in the example outputs also,
> > this looks like missing documentation.
> By "this behavior" I assume you mean the "no salt" part?
Yes.
Bastian
--
We do not colonize. We conquer. We rule. There is no other way for us.
-- Rojan, "By Any Other Name", stardate 4657.5
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
