[19682] in Kerberos_V5_Development
Re: Incompatibility between krb's AES256-CTS-HMAC-SHA1-96 and
daemon@ATHENA.MIT.EDU (Isaac Boukris)
Fri Nov 10 01:43:05 2017
MIME-Version: 1.0
In-Reply-To: <CAK8_kVJZWpE2=2rbzDY7X9EM7r0Hy_qyE4w6wamURb6Dkxq4LQ@mail.gmail.com>
From: Isaac Boukris <iboukris@gmail.com>
Date: Fri, 10 Nov 2017 08:42:41 +0200
Message-ID: <CAC-fF8RjMD=wNGojz3uLi+-kmUp5iYKQDqKSGsCYc77AYML4Tw@mail.gmail.com>
To: Ido Shlomo <shloim@gmail.com>
Cc: krbdev@mit.edu, Simo Sorce <simo@redhat.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Fri, Nov 10, 2017 at 7:08 AM, Ido Shlomo <shloim@gmail.com> wrote:
> Thank you. I understand the options, but I am not familiar with tools that
> may do that automatically. (currently this entire process is automated using
> shell scripts).
If you know the salt and it is different than what ktutil uses, then
you may be able to build the ktutil from git master which let's you
specify the salt.
For troubleshooting, i'd still suggest to try kinit and see what salt
the actually is, like:
KRB5_TRACE=/dev/stdout kinit principal |grep salt
HTH
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev