ktadd/addprinc -e "WHAT-GOES-HERE"???

Toby.Russell@vattenfall.de Toby.Russell at vattenfall.de
Wed Feb 1 07:13:04 EST 2006

Hello people,
I have been searching in vain for the correct collection of letters and dashes to enter within speech-marks after the -e switch of the ktadd/addprinc command. The codes for supported encryption keys I found at http://web.mit.edu.ezproxyberklee.flo.org/kerberos/www/krb5-1.4/krb5-1.4.3/doc/krb5-admin/Supported-Encryption-Types.html#Supported%20Encryption%20Types do not work. For example:
ktadd -e "des3-hmac-sha1" host/<BLAH>
ktadd: Invalid argument while parsing keysalts des-hmac-sha1
as well as:
ktadd -e "aes256-cts-hmac-sha1-96" host/<BLAH>
ktadd: Invalid argument while parsing keysalts aes25X-cts-hmac-sha1-96
kadmin fails to register the 3 and one of the 6s! 
addprinc has the same problem, but with a slightly different output:
add_principal: Invalid argument while parsing keysalts aes25/-cts-hmac-sha1-96
Without speechmakrs the problem is the same, with single speech marks the single speech marks are icluded in the enc-key, although the number is then registered.
$TERM is vt220, $EDITOR is vi. OS is Solaris 8.
Playing around with it a little I notice I can escape the 3 and then kadmin sees it, but also the \. Also, it sees all 3s as long as they do not occur before a dash. It seems the sequence: "No. followed directly by a dash" seems to be a problem for kadmin. Has anyone else experienced this?
Can someone please confirm that the list posted at the address mentioned above is the official list, and also the correct form for the various key types to be entered when selecting a preferred key. If it is not, and I have misunderstood something, can someone PLEASE point me in the right direction.
Best regards

Mit freundlichen Grüßen


Toby Russell




Vattenfall Europe Information Services GmbH

Datacentre Systemservice         

Überseering 12

22297 Hamburg



Rohrdamm 7

13629 Berlin

fon +49 (0) 30 60005 - 4533

fax +49 (0) 30 60005 - 4549

E-Mail   mailto:toby.russell at vattenfall.de <mailto:toby.russell at vattenfall.de> 

Internet http://www.vattenfall.de/is

More information about the Kerberos mailing list