On Jul 4, 2005, at 16:29, Will Fiveash wrote:
On Fri, Jul 01, 2005 at 02:52:55PM -0700, Phil Dibowitz wrote:
Is there a way to tell what encryption type is being used for the
session
key? I'm assuming the "3 etypes {511 511 1}" means there are three
encryption
types defined (which seems right)... but then there's "etypes {rep=1
tkt=1
ses=1}" which I interpret to say the session key is type "1" (DES?).
The "3 etypes" bit should be for the encryption types the client
indicates to the KDC that it supports (or that it wants used), in the
request message. (Though I don't know what 511 would be; in the MIT
code, 0x1ff is ENCTYPE_UNKNOWN, but we shouldn't be transmitting that
in any requests. Are you actually seeing the above with an MIT
client?)
Anyway, I know RFC 1510 has some
of the older enctype IDs:
and draft-raeburn-krb-rijndael-krb-05.txt has:
http://www.iana.org/assignments/kerberos-parameters has these now, btw,
except for changing 0 from "NULL" to "reserved". (Though the
references are outdated and should point to RFCs; I've just asked IANA
to fix that.)
Ken
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
