Windows with Krb5

Jeffrey Hutzelman <jhutz@cmu.edu>
Thu, 14 Jun 2001 19:53:03 -0400 (EDT)


On Thu, 14 Jun 2001, Kevin Rowland wrote:

> I then switched the order to get the AFS-NT client to work (although I'm
> confused as to why it didn't -- perhaps the afs client doesn't support
> no-salt???)

The AFS client doesn't support the V5 default salt, which is what "normal"
means.  Some of the documentation is confusing on this point.  The V5
string-to-key algorithm is the same as that used by V4, except that where
V4 uses only the password, V5 uses the concatenation of the password and
salt string.

The salt string in the database can actually be anything, but the standard
salt types that are available are normal, norealm, onlyrealm, and v4.  The
'normal' salt actually contains both the principal name and realm, while
the 'v4' salt is the empty string (which is compatible with what v4 did).

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA
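
The salt types named in the message above, as an added example that is not part of the original post or of any Kerberos code base: it builds the salt each type yields for a principal, forms the password-plus-salt input the message describes, and lists which principals would end up with the same key if they shared a password. Assumptions: the principal names and realms are constructed, the function names are hypothetical, and the byte layout (realm followed by the name components with no separators for 'normal', name only for 'norealm', realm only for 'onlyrealm') follows the usual Kerberos V5 convention rather than anything stated in the message.

```python
from collections import defaultdict

SALT_TYPES = ("normal", "norealm", "onlyrealm", "v4")

def parse_principal(principal):
    """Split 'comp1/comp2@REALM' into (list of components, realm)."""
    name, _, realm = principal.rpartition("@")
    if not name or not realm:
        raise ValueError("expected name@REALM, got %r" % principal)
    return name.split("/"), realm

def salt_for(principal, salt_type):
    """Return the salt bytes a given salt type produces for a principal."""
    components, realm = parse_principal(principal)
    name = "".join(components)  # assumption: components joined without separators
    if salt_type == "normal":
        return (realm + name).encode()
    if salt_type == "norealm":
        return name.encode()
    if salt_type == "onlyrealm":
        return realm.encode()
    if salt_type == "v4":
        return b""  # empty salt: string-to-key sees only the password
    raise ValueError("unknown salt type %r" % salt_type)

def string_to_key_input(password, principal, salt_type):
    """Bytes fed to string-to-key: the password followed by the salt."""
    return password.encode() + salt_for(principal, salt_type)

def shared_key_groups(principals, salt_type):
    """Groups of principals whose keys are equal whenever passwords are equal."""
    groups = defaultdict(list)
    for p in principals:
        groups[salt_for(p, salt_type)].append(p)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample principals, not taken from the thread.
SAMPLE = ["kevin@EXAMPLE.ORG", "kevin/admin@EXAMPLE.ORG", "kevin@TEST.EXAMPLE.ORG"]

if __name__ == "__main__":
    for st in SALT_TYPES:
        print(st, [salt_for(p, st) for p in SAMPLE], shared_key_groups(SAMPLE, st))
```

With the 'v4' salt every principal falls into one group, which is why a key stored that way is usable by a client that hashes only the password.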