Subject: bin/32659: kinit(1) -e does not support all encryption methods
To: None <,>
From: None <>
List: netbsd-bugs
Date: 01/29/2006 06:50:00
>Number:         32659
>Category:       bin
>Synopsis:       kinit(1) -e does not support all encryption methods
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jan 29 06:50:00 +0000 2006
>Originator:     Juan RP
>Release:        NetBSD 3.99.15
System: NetBSD Nocturno 3.99.15 NetBSD 3.99.15 (Nocturno) #451: Sun Jan 29 04:22:36 CET 2006 juan@Nocturno:/home/juan/build/obj/sys/arch/i386/compile/Nocturno i386
Architecture: i386
Machine: i386
	Playing with kerberos I've discovered that some encryption
	methods are not supported, even the manpage shows they
	are supported.


    valid encryption types are: des-cbc-crc, des-cbc-md4, des-cbc-
    md5, des3-cbc-sha1, arcfour-hmac-md5, aes128-cts-hmac-sha1-96,
    and aes256-cts-hmac-sha1-96 .

	But looks like the arcfound and aes methods are not

	$ kinit -e arcfour-hmac-md5
	foo@BLAH's Password: 
	kinit: krb5_get_init_creds: KDC has no support for encryption type


	$ kinit -e aes128-cts-hmac-sha1-96
	kinit: unrecognized enctype: aes128-cts-hmac-sha1-96

	Same for aes256. The other ones (des*) are supported it seems.
	Sorry, I don't know.