netbsd-bugs: bin/32659: kinit(1) -e does not support all encryption methods

Subject: bin/32659: kinit(1) -e does not support all encryption methods
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <juan@xtrarom.org>
List: netbsd-bugs
Date: 01/29/2006 06:50:00

>Number:         32659
>Category:       bin
>Synopsis:       kinit(1) -e does not support all encryption methods
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jan 29 06:50:00 +0000 2006
>Originator:     Juan RP
>Release:        NetBSD 3.99.15
>Organization:
>Environment:
System: NetBSD Nocturno 3.99.15 NetBSD 3.99.15 (Nocturno) #451: Sun Jan 29 04:22:36 CET 2006 juan@Nocturno:/home/juan/build/obj/sys/arch/i386/compile/Nocturno i386
Architecture: i386
Machine: i386
>Description:
	Playing with kerberos I've discovered that some encryption
	methods are not supported, even the manpage shows they
	are supported.

--
krb5.conf(5):

etypes
    valid encryption types are: des-cbc-crc, des-cbc-md4, des-cbc-
    md5, des3-cbc-sha1, arcfour-hmac-md5, aes128-cts-hmac-sha1-96,
    and aes256-cts-hmac-sha1-96 .
--

	But looks like the arcfound and aes methods are not
	supported:

	$ kinit -e arcfour-hmac-md5
	foo@BLAH's Password: 
	kinit: krb5_get_init_creds: KDC has no support for encryption type

	And:

	$ kinit -e aes128-cts-hmac-sha1-96
	kinit: unrecognized enctype: aes128-cts-hmac-sha1-96

	Same for aes256. The other ones (des*) are supported it seems.
	
>How-To-Repeat:
>Fix:
	Sorry, I don't know.