Hi all,
don't want to register on FreeIPA nor RedHat/CentOS ticketing systems, but
want to make others know about my discovery. Hope somebody will review it
and open bug report.

The IPA (Kerberos part) failing to start when

supported_enctypes = aes camellia -des3 -des -rc4

listed in kdc.conf for realm.
With listing

 supported_enctypes = aes256-cts-hmac-sha1-96:normal
aes128-cts-hmac-sha1-96:normal camellia256-cts-cmac:normal
camellia128-cts-cmac:normal -des -des3 -rc4

the Kerberos and IPA start successfully.

These are the installed and affected versions

Hope it will help somebody.
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to