> This is an incorrect description. That might very well be, but I thought it was better than nothing because others who are in trouble might want to know that they are not alone ;-/
> The explicit problem occurs when the > following combination is true: > > 1. user has one or more strong enctype keys with non-default > password salts > > 2. the only keys with default password salts are weak enctypes I don't know how the user would have ended up with that combination and I don't know how the enctype list looked before the user was told to change password. > 3. preauth is required As 1.5.x seems to have the bug that you can't turn it off, yes of course. > In this combination, the strong enctype with the non-default password > salt will not be recommended to the client in the pa-etype-info or > pa-etype-info2 data sent with the preauth required error reply. And what would happen if there is no strong enctype at all? > Since no pa-etype hint was provided the client chooses its preferred > enctype which is aes256. > A correction has been prepared and will be submitted after testing. :-) Harald. _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
