Hi Jeffrey, On Fri, 2011-10-14 at 08:02 -0400, Jeffrey Altman wrote: > Andreas: > > Wireshark cannot show you the type of the session key since that key is > only visible to parties that are capable of decrypting the encrypted > portions of the response. It is the session key that must be des-cbc-* > and which is instead aes256-cts-hmac-sha1-96 in the 1.5.1 case.
OK, learned something again ... > klog.krb5 should be setting an explicit request for a des-cbc-crc > session key. That is a bug which must be fixed. It should be reported > to [email protected]. Done. > Heimdal 1.5.1 should also be restricting the session key to one of the > encryption types that are known to the [email protected] principal. That is > also a bug and should be reported on the heimdal mailing list. Done, as well. Cheers, Andreas -- | Andreas Haupt | E-Mail: [email protected] | DESY Zeuthen | WWW: http://www-zeuthen.desy.de/~ahaupt | Platanenallee 6 | Phone: +49/33762/7-7359 | D-15738 Zeuthen | Fax: +49/33762/7-7216 _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
