Current-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kerberos issues with 10.0_BETA post openssl update
>> This looks like a jump to null in the RC4 logic using EVP_md4().
>>
>> For EVP_rc4 we have a hack in Heimdal to do
>>
>> EVP_CIPHER_fetch(NULL, "rc4", "provider=legacy")
I don't know if you have control over this, but ... RC4? In 2023? Yikes.
Kerberos clients do send a list of the supported crypto algorithms to the
KDC as part of the AS-REQ message so this would indicate to me that one
of three things is happening:
1) Your client is configured to only allow RC4 as a cipher (I've seen
this happen when people misguidedly configure this in the Kerberos
configuration files; normally this should never be done except it very
unusual circumstances)
2) Your KDC does not support crypto algorithms other than RC4,
which ... double yikes if that's the case.
3) Your KDC DOES support more modern crypto algorithms but you haven't
changed your password in approximately forever.
If this is 1 or 3 it should be easy to fix and probably would be a good
idea to do so.
--Ken
Home |
Main Index |
Thread Index |
Old Index