> This is unrelated to libpam-krb5 itself; it doesn't care about the
> encryption type. It just calls the underlying Kerberos library.
> However, MIT Kerberos has dropped support for DES by default, and I'm
> guessing you upgraded that at the same time.
>
> The short version is that you need to add:
>
>     allow_weak_crypto = true

I already had that. That broke back quite some time ago and you told
me to add that :)

> to the [libdefaults] section of your krb5.conf file if you want to
> continue to use DES.

[libdefaults]
        default_realm = CHARITE.DE
        allow_weak_crypto = true # New: because of the weak crypto of our KDCs!

And it works with "allow_weak_crypto = true" and this set of packages:

2012-04-17 17:23:40 status installed libkrb5support0 1.8.3+dfsg-4squeeze5
2012-04-17 17:23:40 status installed libk5crypto3 1.8.3+dfsg-4squeeze5
2012-04-17 17:23:40 status installed libkrb5-3 1.8.3+dfsg-4squeeze5
2012-04-17 17:23:41 status installed libgssapi-krb5-2 1.8.3+dfsg-4squeeze5
2012-04-17 17:23:41 status installed krb5-user 1.8.3+dfsg-4squeeze5

It doesn't work, though, with those:

2012-04-17 16:50:31 status installed libkadm5clnt-mit8 1.10+dfsg~beta1-2
2012-04-17 16:50:31 status installed libkadm5srv-mit8 1.10+dfsg~beta1-2
2012-04-17 17:05:40 status installed libkrb5support0 1.10+dfsg~beta1-2
2012-04-17 17:05:41 status installed libk5crypto3 1.10+dfsg~beta1-2
2012-04-17 17:05:41 status installed libkrb5-3 1.10+dfsg~beta1-2
2012-04-17 17:05:42 status installed libgssapi-krb5-2 1.10+dfsg~beta1-2
2012-04-17 17:05:42 status installed libkadm5clnt-mit8 1.10+dfsg~beta1-2
2012-04-17 17:05:43 status installed libkadm5srv-mit8 1.10+dfsg~beta1-2
2012-04-17 17:05:43 status installed krb5-user 1.10+dfsg~beta1-2

So what's the deal with 1.10?

--
Ralf Hildebrandt
Charite Universitätsmedizin Berlin
[email protected]
Campus Benjamin Franklin
http://www.charite.de
Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk
fon: +49-30-450.570.155

