On 12/29/2014 05:09 PM, Matt . wrote:
Hi All,

Why doing some IPA commands on my 4.1.2 install I get the following error:


ipa: ERROR: Kerberos error: Kerberos error: ('Unspecified GSS failure.
Minor code may provide more
                   information', 851968)/('KDC has no support for
encryption type', -1765328370)/

I already tried to add this to my [libdefaults] in my krb5.conf:


[libdefaults]
  ...
allow_weak_crypto = yes
default_tkt_enctypes = RC4-HMAC, DES-CBC-CRC, DES3-CBC-SHA1,DES-CBC-MD5
default_tgs_enctypes = RC4-HMAC, DES-CBC-CRC, DES3-CBC-SHA1, DES-CBC-MD5

I am not sure about spaces but I suspect it is OK.
What is not OK is probably that you not listed all other encryption types that IPA assumes. If you need weaker ciphers you need to list them in addition to the strong ones.

http://web.mit.edu/kerberos/krb5-1.13/doc/admin/conf_files/krb5_conf.html


But this doesn't seem to fix it.

Is this still the known bug in 4.x ?

And can I fix it ?

Thanks!

Matt



--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to