oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

more about the des3 mic mess

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12181 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2003-04-30 09:57:00 +00:00
parent 327f5dc311
commit 9b26e3a8ec
2 changed files with 24 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
lib/gssapi/gssapi.3
View File

@@ -106,9 +106,18 @@ implementations when using
.Fn gss_get_mic
/
.Fn gss_verify_mic .
Its possible to modify the behavior of the generator of the MIC with
the
.Pa krb5.conf
configuration file so that old clients/servers will still
work.
.Pp
Default is to use the broken GSS-API DES3 mic in Heimdal 0.6, this
will change in 0.7 to use correct des3 mic.
New clients/servers will try both the old and new MIC in Heimdal 0.6.
In 0.7 it will check only if configured and the compatibility code
will be removed in 0.8.
.Pp
Heimdal 0.6 still generates by default the broken GSS-API DES3 mic,
this will change in 0.7 to generate correct des3 mic.
.Pp
To turn on compatibility with older clients and servers, change the
.Nm [gssapi]
@@ -117,7 +126,7 @@ in
.Pa krb5.conf
that contains a list of globbing expressions that will be matched
against the server name.
To turn off compatibility with older clients and servers use
To turn off generation of the old (incompatible) mic of the MIC use
.Nm [gssapi]
.Ar correct_des3_mic .
.Pp

15
lib/gssapi/krb5/gssapi.3
View File

@@ -106,9 +106,18 @@ implementations when using
.Fn gss_get_mic
/
.Fn gss_verify_mic .
Its possible to modify the behavior of the generator of the MIC with
the
.Pa krb5.conf
configuration file so that old clients/servers will still
work.
.Pp
Default is to use the broken GSS-API DES3 mic in Heimdal 0.6, this
will change in 0.7 to use correct des3 mic.
New clients/servers will try both the old and new MIC in Heimdal 0.6.
In 0.7 it will check only if configured and the compatibility code
will be removed in 0.8.
.Pp
Heimdal 0.6 still generates by default the broken GSS-API DES3 mic,
this will change in 0.7 to generate correct des3 mic.
.Pp
To turn on compatibility with older clients and servers, change the
.Nm [gssapi]
@@ -117,7 +126,7 @@ in
.Pa krb5.conf
that contains a list of globbing expressions that will be matched
against the server name.
To turn off compatibility with older clients and servers use
To turn off generation of the old (incompatible) mic of the MIC use
.Nm [gssapi]
.Ar correct_des3_mic .
.Pp