Correct procedure to add a new enctype

From: dgd...@gmv.com (Dario García Díaz-Miguel)
Newsgroups: comp.protocols.kerberos
Subject: Correct procedure to add a new enctype
Date: Thu, 16 Dec 2021 09:38:55 +0000
Organization: TNet Consulting
Lines: 509
Message-ID: <mailman.1.1639669965.8148.kerberos@mit.edu>
References: <a5af252ff3a249a8a9176e17971a46e1@gmv.com>
To: "kerberos@mit.edu" <kerberos@mit.edu>

Hi Everyone,

I have a question I'd prefer to ask before starting to test with the environment, in order to proceed in a correct way.
We have a Kerberos LDAP database backend and I was wondering what the correct procedure is to add a new enctype to an existing and populated database and REALM.
Currently we have two supported and default enctypes for tkt and tgs. However, we now have an application that does not support our currently supported enctypes, so we have to add a new enctype.

Which is the correct procedure to add this enctype and to generate an additional key for this enctype for each principal involved?

I suppose that the enctype used will be the strongest one of the supported enctype keys existing for that principal.

Thank you so much.
Regards.


Dario Garcia Díaz-Miguel
GGCS-SES Unit
GGCS SKMF Infrastructure Division

GMV
C\ de Isaac Newton, 11
28760, Tres Cantos, Madrid
España
+34 918 07 21 00
+34 918 07 21 99
www.gmv.com <http://www.gmv.com/>