[Bug 900447] Re: Man 5 page for kdc.conf does not mention acceptable encryption types

Sam Hartman hartmans at debian.org
Tue Dec 6 00:45:46 UTC 2011 

>>>>> "J" == J Sadler <900447 at bugs.launchpad.net> writes:

    J> You may want to reconsider adding it to kdc.conf's man page.  I
    J> don't believe that in a normal client install that you would get
    J> the admin guide. Don't you only get it if you install the admin
    J> packages? 

1) It's in krb5-doc; anyone can install that

2) Really end-users have very little business setting those config
values.  With the exception of some unfortunate bugs with NFS, it more
or less means that the Kerberos admin has screwed up if you find
yourself needing to care about enctypes.  Which of course does happen,
so if it were in krb5-admin-server not krb5-doc I'd agree with your
point.  However, asking people to look on the web or at detailed
documentation for a complex issue seems reasonable to me.

--Sam

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/900447

Title:
  Man 5 page for kdc.conf does not mention acceptable encryption types

Status in “krb5” package in Ubuntu:
  Confirmed

Bug description:
  Hi

  It would be helpful if the man 5 page for kdc.conf could explicitly
  specify the acceptable encryption types we can use.

  Currently the only way is looking at the source code in the following file:
  /krb5-1.9.1+dfsg/src/lib/crypto/krb/etypes.c

  grep ENCTYPE_ ./krb5-1.9.1+dfsg/src/lib/crypto/krb/etypes.c
      { ENCTYPE_DES_CBC_CRC,
      { ENCTYPE_DES_CBC_MD4,
      { ENCTYPE_DES_CBC_MD5,
      { ENCTYPE_DES_CBC_RAW,
      { ENCTYPE_DES3_CBC_RAW,
      { ENCTYPE_DES3_CBC_SHA1,
      { ENCTYPE_DES_HMAC_SHA1,
      { ENCTYPE_ARCFOUR_HMAC,
      { ENCTYPE_ARCFOUR_HMAC_EXP,
      { ENCTYPE_AES128_CTS_HMAC_SHA1_96,
      { ENCTYPE_AES256_CTS_HMAC_SHA1_96,
      { ENCTYPE_CAMELLIA128_CTS_CMAC,
      { ENCTYPE_CAMELLIA256_CTS_CMAC,

  Leonardo

  ProblemType: Bug
  DistroRelease: Ubuntu 11.10
  Package: krb5-kdc 1.9.1+dfsg-1ubuntu2.1
  Uname: Linux 3.2.0-999-generic x86_64
  ApportVersion: 1.23-0ubuntu4
  Architecture: amd64
  Date: Mon Dec  5 14:31:49 2011
  ProcEnviron:
   LANGUAGE=en_US:
   LANG=en_US
   SHELL=/bin/bash
  SourcePackage: krb5
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/900447/+subscriptions

More information about the foundations-bugs mailing list