[32690] in Kerberos
Re: Kerberos troubles
daemon@ATHENA.MIT.EDU (Jean-Yves Avenard)
Tue Sep 21 15:48:42 2010
MIME-Version: 1.0
In-Reply-To: <3CA81CF7260B4B22AA01C064FB135C42@CDCHOME>
Date: Wed, 22 Sep 2010 05:48:37 +1000
Message-ID: <AANLkTiktCsU=MuJOmvPiF42=UanDcETEnHCtDswck-ph@mail.gmail.com>
From: Jean-Yves Avenard <jyavenard@gmail.com>
To: "Christopher D. Clausen" <cclausen@acm.org>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 22 September 2010 05:28, Christopher D. Clausen <cclausen@acm.org> wrote:
> I'm guessing you need to enable single DES encryption types on the KDCs, the
> web server and the clients.
>
> You should look into the allow_weak_crypto = true in the [libdefaults]
> section of krb5.conf
Will surely try.
The principal was created using:
ank -pw password -e rc4-hmac:normal host/minimepc.m.domain.com
For all account it seemed to work properly, by that I mean I see no
authentication error in the kdc logs.
I did see:
Sep 22 05:43:06 m.domain.com krb5kdc[68](info): AS_REQ (7 etypes {18
17 16 23 1 3 2}) 60.242.X.X: NEEDED_PREAUTH:
jeanyves_avenard@M.DOMAIN.COM for krbtgt/M.DOMAIN.COM@M.DOMAIN.COM,
Additional pre-authentication required
followed by proper authentication after
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
