Bad encryption type from gss-server

Tue, 09 Jul 2002 13:39:01 -0700 

I have KDC installed on a Solaris machine and running gss-server.  I
have gss-client running on either Solaris/HP without any problems.

I build and run gss-server on HP and first I got the error "No such
file or directory".  So I copied /etc/krb5.keytab from the Solaris
machine to /etc on the HP.  Now I run into the next error from
gss-server:

GSS-API error accepting context: Miscellaneous failure
GSS-API error accepting context: Bad encryption type

I did some digging around and readup on the infamous "support_desmd5"
switch.  So on the Solaris machine, I used kadmin.local and:
kadmin.local:  modprinc -support_desmd5 [EMAIL PROTECTED]
kadmin.local:  getprinc [EMAIL PROTECTED]
Principal: [EMAIL PROTECTED]
Expiration date: [never]
Last password change: [never]
Password expiration date: [none]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 0 days 00:00:00
Last modified: Tue Jul 09 10:57:45 PDT 2002 ([EMAIL PROTECTED])
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 2
Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 1, DES cbc mode with CRC-32, no salt
Attributes:
Policy: [none]

I kdestroy everything on the client, and run gss-client again and
still got the
error "Bad Encryption Type".

> klist -e
Ticket cache: /tmp/krb5cc_108
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
07/09/02 13:10:59  07/09/02 23:10:59  [EMAIL PROTECTED]
        Etype (skey, tkt): DES cbc mode with CRC-32, etype 16
07/09/02 13:11:51  07/09/02 23:10:59 
[EMAIL PROTECTED]
        Etype (skey, tkt): DES cbc mode with CRC-32, etype 16


# klist -k -e -t
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- -----------------
--------------------------------------------------------   2 07/09/02
13:11:14 [EMAIL PROTECTED] (DES cbc mode with CRC-32)
   2 07/09/02 13:11:14 [EMAIL PROTECTED] (etype 16)

/etc/krb5.conf:
[libdefaults]
        ticket_lifetime = 600
        default_realm = MYREALM.COM
        default_tkt_enctypes = des-cbc-crc
        default_tgs_enctypes = des-cbc-crc

The gss-server/gss-client was from the 1.2.3 branch.

So why do I get this "Bad encryption type" error when running the
gss-server from HP and not from Solaris?
________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to