Jeffrey

> Markus:
>
> Your patch is close to the correct way to do this. The primary issue is
> the question of the encryption key to use. You want to use the 3DES
> session key if it is available.
>
> However, there is a bigger problem. The existing Kerberos 5 telnet code
> base always takes the first 8 bytes of the key regardless of length and
> uses it for both the inbound and outbound keys.

I thought with the changes I did in kerberos5.c I will use a longer session key (e.g. 16 for RC4-hmac). I have to look at the inbound and outbound key generation.

> This is in violation of
> the current Telnet Encryption draft. That is why there is a restriction
> for Kerberos 5 that it can only use single DES session keys. If a
> session key with greater than 8 bytes of key data were used, the
> truncation applied in the current code would make the communication
> between the client and server incompatible if single DES were ever
> negotiated.
>

I tested that I can use DES for Kerberos 5 with DES-CBC-MD5 keys and 3DES for Kerberos 5 with RC4-hmac keys (at least the debug output told me so).

> - Jeffrey Altman
>

Thank you
Markus

________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
