Jeffrey writes:

> AFS as Transarc ships it _does_ try both string-to-key algorithms (now).
> However, kas and Transarc kpasswd will use the Andrew s2k when setting
> a _new_ password; if you want to use the MIT s2k for new passwords, then
> these must be changed.

Oh, my - so it does.  It will certainly be slower using the k4 algorithm,
although, if things are configured reasonably, that may not be much of
an issue.

> Actually, the MIT kerberos server does _not_ support the administrative
> functions; those are handled by a separate server that runs on a
> different port.

I know it's done by a separate process.  But I think of that as an
implementation detail.  I've wondered how they deal with locking
& performance issues, but haven't been quite curious enough to dig in.

> Hmmm... You're right; that is a bug.  However, your fix is
> also insufficient; you need to do memset(password, 0, 9).
> I've made such a change to our source.

It's harmless to set 9 instead of 8, but shouldn't matter.
crypt only looks at the first 8 characters, and ignores what's
past that (at least, most versions do.) If you really want to
treat crypt right, though, you should also pass it "p1" as the
salt (clearly, the people who wrote the code had a sense of
humour...)

                                -Marcus
