I set up the 389 LDAP server to support des-cbc-crc enctype.

I created a principal for OpenAFS. OpenAFS need des-cbc-crc:v4
(single-DES). I created the principal with:

kadmin.local -x ipa-setup-override-restrictions

The result is:

Principal: afs/cellname@Realm
Key: vno 1, des-cbc-crc, no salt
Key: vno 1, aes256-cts-hmac-sha1-96, no salt

Seems like the principal was set correctly with single-des.

I execute a "kinit username" and got my tgt.

kvno -e des-cbc-crc afs/cellname
kvno: KDC has no support for encryption type while getting credentials
for afs/cellname@REALM

kvno -e aes256-cts-hmac-sha1-96  afs/cellname
afs/celln...@pp.ipd.kit.edu: kvno = 1

Iam wondering that i dont get a ticket with des-cbc-crc enctype from
FreeIPA Kerberos server.

Any ideas ?


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to