> On Mon, 01 Dec 2014 11:53:11 +0100
> Andreas Ladanyi <andreas.lada...@kit.edu> wrote:
>> Hi,
>> Server: FreeIPA 3.3.5, Fedora 20
>> Client: Ubuntu 14.04
>> ipa-getkeytab -s freeipaserver -p principal@REALM  -k
>> /tmp/principal.keytab -e des3-hmac-sha1 -P
>> only results in:
>> klist -k /tmp/principal.keytab -e
>> Keytab name: FILE:/tmp/principal.keytab
>> KVNO Principal
> The 2 enctypes are equivalent and can be interchanged afaik.
> Simo.

Another question: Is it possible to generate keys with no salt instead
of Version 5 (normal) salt ?

I want to generate a des3 key with no salt:

ipa-getkeytab -s freeipaserver -p principal@REALM -k
/tmp/principal.keytab -e des3-hmac-sha1:v4 -P

The answer is:

Bad or unsupported salt type.
Failed to create key material

I configured the des3-hmac-sha1:v4 in LDAP and in kdc.conf


