> On Mon, 01 Dec 2014 11:53:11 +0100
> Andreas Ladanyi <andreas.lada...@kit.edu> wrote:
>
>> Hi,
>>
>> Server: FreeIPA 3.3.5, Fedora 20
>> Client: Ubuntu 14.04
>>
>> ipa-getkeytab -s freeipaserver -p principal@REALM  -k
>> /tmp/principal.keytab -e des3-hmac-sha1 -P
>>
>> only results in:
>>
>> klist -k /tmp/principal.keytab -e
>> Keytab name: FILE:/tmp/principal.keytab
>> KVNO Principal
> The 2 enctypes are equivalent and can be interchanged afaik.
>
> Simo.
>
Ok.

Another question: Is it possible to generate keys with no salt instead
of Version 5 (normal) salt ?

I want to generate a des3 key with no salt:

ipa-getkeytab -s freeipaserver -p principal@REALM -k
/tmp/principal.keytab -e des3-hmac-sha1:v4 -P

The answer is:

Bad or unsupported salt type.
Failed to create key material

I configured the des3-hmac-sha1:v4 in LDAP and in kdc.conf


Andreas

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to