Everything You Wanted to Know About Kerberos Enctypes But ...


I wrote a presentation about Kerberos encryption types (enctypes) and how they are used in Kerberos. It is aimed at both developers and administrators. You can download the PDF version here. Note, earlier versions of the presentation had a Sun Confidential label on the bottom of the slides which was left there by mistake. I have removed this label in the latest version of the presentation. I've updated the presentation slightly as of Oct 8, 2007.

Comments:

A very nice document, but I think that where you say "The KDC uses the first server KDB key and enctype to encrypt the server ticket." that is not precisely correct. I believe that the KDC finds the highest key version number in use for that principal, and then takes the first key with that kvno. Often all keys have the same kvno, so this point is moot, but if you use the "-keepold" flag when changing the key you can have multiple kvno's in use.

Also, you don't explicitly say it, but what determines which of the keys is first is the order of the keytypes specified in the KDC's supported_enctypes config at the time the key is created/updated (getprinc in kadmin will list them in order).

Posted by John Hascall on October 04, 2007 at 02:42 PM CDT #
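
The selection rule described in the comment above, as an added example (not code from the presentation, the post, or any KDC). It parses constructed `getprinc`-style key lines and compares "first key" with "first key at the highest kvno"; the `Key: vno N, enctype` line format, the sample ordering, and all function names are assumptions.

```python
import re

# Constructed sample in the style of kadmin "getprinc" key lines. The line
# format and the ordering are assumptions, chosen so the two rules disagree:
# vno 3 keys are what a key change with -keepold would leave behind.
SAMPLE_GETPRINC = """\
Principal: host/server.example.com@EXAMPLE.COM
Key: vno 3, des-cbc-crc
Key: vno 4, aes256-cts-hmac-sha1-96
Key: vno 4, aes128-cts-hmac-sha1-96
Key: vno 4, des3-cbc-sha1
Key: vno 3, aes128-cts-hmac-sha1-96
"""

KEY_LINE = re.compile(r"^Key:[ \t]+vno[ \t]+(\d+),[ \t]*(\S.*?)[ \t]*$")

def parse_keys(text):
    """Return [(kvno, enctype), ...] in listed order; other lines are skipped."""
    keys = []
    for line in text.splitlines():
        m = KEY_LINE.match(line)
        if m:
            keys.append((int(m.group(1)), m.group(2)))
    return keys

def first_listed_key(keys):
    """The rule as first stated: take the first key, ignoring kvno."""
    if not keys:
        raise ValueError("principal has no keys")
    return keys[0]

def ticket_key(keys):
    """The comment's rule: highest kvno in use, then the first key with it."""
    if not keys:
        raise ValueError("principal has no keys")
    top = max(kvno for kvno, _ in keys)
    return next(k for k in keys if k[0] == top)

def retained_old_keys(keys):
    """Keys below the highest kvno, i.e. those kept by -keepold."""
    top = max((kvno for kvno, _ in keys), default=0)
    return [k for k in keys if k[0] < top]

if __name__ == "__main__":
    keys = parse_keys(SAMPLE_GETPRINC)
    print("first listed:", first_listed_key(keys))
    print("highest kvno:", ticket_key(keys))
    print("retained old:", retained_old_keys(keys))
```
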

Thanks for that comment John, you are correct and I'll update that document.

Posted by Will Fiveash on October 08, 2007 at 10:48 AM CDT #

I WANT YOU TO PRESENT KERBEROS TO ME

Posted by guest on November 16, 2008 at 10:24 PM CST #
