Re: Bad encryption type from gss-server

Wed, 10 Jul 2002 14:39:55 -0700 

[EMAIL PROTECTED] (Sam Hartman) wrote in message 
news:<[EMAIL PROTECTED]>...
> It might be significantly easier to debug problems like this if you
> included the versions of Kerberos you are using.  Better yet,
> preemptively upgrade to 1.2.5.
> 
> ________________________________________________
> Kerberos mailing list           [EMAIL PROTECTED]
> http://mailman.mit.edu/mailman/listinfo/kerberos

The Solaris KDC is 1.2.5.  Upgraded the gss-client/server to 1.2.5 and
rebuilt on HP, one version with static libraries and one with shared
libraries.

As expected, the static version works but the shared version got "Bad
Encryption Type" error.  This means the libraries on HP-UX B.11.11 are
not compatible with this version of KDC.

Is there some configuration I can fiddle on the KDC without the need
to downgrading it?

Is the bad encryption caused by the "Triple DES cbc mode with
HMAC/sha1" in the krbtgt?  Can I remove it to force "DES cbc" instead?

kadmin.local:  modprinc -support_desmd5 [EMAIL PROTECTED]
kadmin.local:  getprinc [EMAIL PROTECTED]
Principal: [EMAIL PROTECTED]
Expiration date: [never]
Last password change: [never]
Password expiration date: [none]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 0 days 00:00:00
Last modified: Tue Jul 09 10:57:45 PDT 2002 ([EMAIL PROTECTED])
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 2
Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 1, DES cbc mode with CRC-32, no salt
Attributes:
Policy: [none]

> klist -e
Ticket cache: /tmp/krb5cc_108
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
07/09/02 13:10:59  07/09/02 23:10:59  [EMAIL PROTECTED]
        Etype (skey, tkt): DES cbc mode with CRC-32, etype 16
07/09/02 13:11:51  07/09/02 23:10:59 
[EMAIL PROTECTED]
        Etype (skey, tkt): DES cbc mode with CRC-32, etype 16

# klist -k -e -t
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- -------------------------------------------------------------------------
  2 07/09/02 13:11:14 [EMAIL PROTECTED] (DES cbc mode
with CRC-32)
   2 07/09/02 13:11:14 [EMAIL PROTECTED] (etype 16)

/etc/krb5.conf:
[libdefaults]
        ticket_lifetime = 600
        default_realm = MYREALM.COM
        default_tkt_enctypes = des-cbc-crc
        default_tgs_enctypes = des-cbc-crc
________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to