tech-security: kerberos 5 to 4 conversion

Subject: kerberos 5 to 4 conversion
To: None <tech-security@netbsd.org>
From: Tracy Di Marco White <gendalia@iastate.edu>
List: tech-security
Date: 11/08/2001 10:48:19

I'm talking to an MIT KDC from a NetBSD current machine, source from
approximately October 11th, 2001.  I get wrong keytype in ticket, but
I have no idea why I'm getting a keytype that isn't listed in my
krb5.conf as supported.

bender# kinit gendalia    
gendalia@IASTATE.EDU's Password: 
kinit: converting creds: converting credentials: wrong keytype in ticket

bender# klist -v     
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: gendalia@IASTATE.EDU
    Cache version: 4

Server: krbtgt/IASTATE.EDU@IASTATE.EDU
Ticket etype: des-cbc-md5, kvno 2
Auth time:  Nov  8 10:27:31 2001
End time:   Nov  8 22:27:30 2001
Ticket flags: initial
Addresses: IPv4:129.186.145.106


v4-ticket file: /tmp/tkt0
klist: No ticket file (tf_util)

part of my krb5.conf:
[appdefaults]
        krb4_get_tickets = true
[libdefaults]
        ticket_lifetime = 43200
        default_realm = IASTATE.EDU
        default_tkt_enctypes = des-cbc-crc
        default_tgs_enctypes = des-cbc-crc
        krb4_get_tickets = true
        krb4_srvtab = /etc/kerberosIV/srvtab
        krb4_config = /etc/kerberosIV/krb.conf
        krb4_realms = /etc/kerberosIV/krb.realms

[login]
        krb5_get_tickets = true
        krb4_get_tickets = true
        krb_run_aklog = true

[realms]
        IASTATE.EDU = {
                kdc = kerberos-1.iastate.edu
                kdc = kerberos-2.iastate.edu
                admin_server = kerberos-1.iastate.edu:749
                default_domain = iastate.edu
                supported_enctypes = des-cbc-crc:normal des-cbc-crc:v4


Tracy J. Di Marco White
Project Vincent Systems Manager
gendalia@iastate.edu